30bbdbb9666c032ea3d2c60e4e9984dcc5cea0357eb0614cde0dfd9dde1cfa33

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 03:56

Target

33361ae7f01f960e82c36f85143ed1be_JaffaCakes118.dll
Size

32KB
MD5

33361ae7f01f960e82c36f85143ed1be
SHA1

2057caf831dc2bc402e08c9825a9e7e021324403
SHA256

30bbdbb9666c032ea3d2c60e4e9984dcc5cea0357eb0614cde0dfd9dde1cfa33
SHA512

57b3a838e44dfae1766db1862dcd552ac9c9260fcf74801c7e1337b8f1426f34fef3d0ed365aa8769ab67b6099d836b244f99dfd5d6a5f8b187f321dcd1c82ca
SSDEEP

384:WNNe06t9hclnM+xBwPDBefnK8NUQLSN/DFgdHF7xs4GWlBoKN8UWHfjHk:SeP9hITw7y1LSN/ZgdH/1FlBojU2fQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2856	2608	regsvr32.exe	81
PID 2608 wrote to memory of 2856	2608	regsvr32.exe	81
PID 2608 wrote to memory of 2856	2608	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\33361ae7f01f960e82c36f85143ed1be_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\33361ae7f01f960e82c36f85143ed1be_JaffaCakes118.dll
  2⤵
  PID:2856