a7f2c90cc7aa3f8d6e22d8933456ae2c53f38a7f42fef03798874d512a232f7e

Analysis

max time kernel
94s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 16:55

Target

31363e4f160e76851e9b568b9a84007e_JaffaCakes118.dll
Size

103KB
MD5

31363e4f160e76851e9b568b9a84007e
SHA1

8bbd81141fb28997bb60b6c9fd3c0caf34774c32
SHA256

a7f2c90cc7aa3f8d6e22d8933456ae2c53f38a7f42fef03798874d512a232f7e
SHA512

43bfcf75e06dd2e269c0e0b22b247333799520e212be1a8246cfcbe18e604ab8df3bb5e833a4ded1af0c4c5c06da0108cb9cf9cef59d13eb6ac941721aba952a
SSDEEP

3072:+xViaCvWfPD50tDfBw/A2+5COixwPm5igK5E4R:+xVifK5IDfW/A3COixzZK5E4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2400	2724	regsvr32.exe	82
PID 2724 wrote to memory of 2400	2724	regsvr32.exe	82
PID 2724 wrote to memory of 2400	2724	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\31363e4f160e76851e9b568b9a84007e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\31363e4f160e76851e9b568b9a84007e_JaffaCakes118.dll
  2⤵
  PID:2400

memory/2400-0-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/2400-1-0x0000000000443000-0x0000000000444000-memory.dmp

Filesize
4KB

Download