1d1290e6dc6ee76f8cffc2701b78a0da1fd4b1214b3a403764f95fa80724fa66

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 06:20

Target

33a053753f3e90e714f8eea0f451044a_JaffaCakes118.dll
Size

71KB
MD5

33a053753f3e90e714f8eea0f451044a
SHA1

15233a9bbe770fe49e281e98067d165461fdb3e0
SHA256

1d1290e6dc6ee76f8cffc2701b78a0da1fd4b1214b3a403764f95fa80724fa66
SHA512

badf58baa9bf1a09b87c43243968fb0620263bb21833e3d5bbdaa0070e4ed7ff452cd940b6d9238b718df77e3cdec518f8e7ad14a05acca43ae11b1bd889808f
SSDEEP

1536:DXe1KlSBDBWUg30dXUYoGcAUsUr/1SDHqpJoo/IQStOtB:DXKDBWUgUoGZUZ75io/IQS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 700	1984	regsvr32.exe	30
PID 1984 wrote to memory of 700	1984	regsvr32.exe	30
PID 1984 wrote to memory of 700	1984	regsvr32.exe	30
PID 1984 wrote to memory of 700	1984	regsvr32.exe	30
PID 1984 wrote to memory of 700	1984	regsvr32.exe	30
PID 1984 wrote to memory of 700	1984	regsvr32.exe	30
PID 1984 wrote to memory of 700	1984	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\33a053753f3e90e714f8eea0f451044a_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\33a053753f3e90e714f8eea0f451044a_JaffaCakes118.dll
  2⤵
  PID:700

memory/700-0-0x0000000000210000-0x0000000000259000-memory.dmp

Filesize
292KB

Download
memory/700-2-0x000000000023F000-0x0000000000251000-memory.dmp

Filesize
72KB

Download
memory/700-1-0x0000000000210000-0x0000000000259000-memory.dmp

Filesize
292KB

Download