1d1290e6dc6ee76f8cffc2701b78a0da1fd4b1214b3a403764f95fa80724fa66

Analysis

max time kernel
148s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 06:20

Target

33a053753f3e90e714f8eea0f451044a_JaffaCakes118.dll
Size

71KB
MD5

33a053753f3e90e714f8eea0f451044a
SHA1

15233a9bbe770fe49e281e98067d165461fdb3e0
SHA256

1d1290e6dc6ee76f8cffc2701b78a0da1fd4b1214b3a403764f95fa80724fa66
SHA512

badf58baa9bf1a09b87c43243968fb0620263bb21833e3d5bbdaa0070e4ed7ff452cd940b6d9238b718df77e3cdec518f8e7ad14a05acca43ae11b1bd889808f
SSDEEP

1536:DXe1KlSBDBWUg30dXUYoGcAUsUr/1SDHqpJoo/IQStOtB:DXKDBWUgUoGZUZ75io/IQS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3284 wrote to memory of 1188	3284	regsvr32.exe	81
PID 3284 wrote to memory of 1188	3284	regsvr32.exe	81
PID 3284 wrote to memory of 1188	3284	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\33a053753f3e90e714f8eea0f451044a_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\33a053753f3e90e714f8eea0f451044a_JaffaCakes118.dll
  2⤵
  PID:1188

memory/1188-0-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download