a8a642c96bd485bce900e9548940391044e5a3825550c6db991141e30ea84df3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 05:26

Target

3377517ec9bf232e4304070b22f66918_JaffaCakes118.dll
Size

88KB
MD5

3377517ec9bf232e4304070b22f66918
SHA1

034cc275025f8f488210503fc0706ba2242a2be7
SHA256

a8a642c96bd485bce900e9548940391044e5a3825550c6db991141e30ea84df3
SHA512

5bdb02c44182a2d1002a99b4fd94dcd5b1eeec499d3fc956e628a813cf44632baa47999c1fa7570f34a6bb7cb9f81734e1988c2981d5abb0aff3a7fefa5620da
SSDEEP

1536:3V1w9m+dksHVByOz2wZjk4nICS4AsvCFOJdLa1H9YuUv:l2m5sHVoOz2wb0uvCFOJct9Yp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 4944	4848	regsvr32.exe	81
PID 4848 wrote to memory of 4944	4848	regsvr32.exe	81
PID 4848 wrote to memory of 4944	4848	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3377517ec9bf232e4304070b22f66918_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3377517ec9bf232e4304070b22f66918_JaffaCakes118.dll
  2⤵
  PID:4944