f4c291cf54839a8de1b1db83971dea8af20c22f5115a00ba2934cdfee8087c5b | Triage

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 08:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33eb149290dfda3c0e5601e56269733a_JaffaCakes118.dll
Size

128KB
MD5

33eb149290dfda3c0e5601e56269733a
SHA1

1952f6b7cf7d6a127bb7ab0b3f8b2fcd03267894
SHA256

f4c291cf54839a8de1b1db83971dea8af20c22f5115a00ba2934cdfee8087c5b
SHA512

ecd98742a07eaa6496379cc19c114e34d0a8d0bf5d123d21b1801e00e1a509f6c44231ef15ef88e900630026555ef6a29ea7a5224a1fcbab6f3f168e03fc0d45
SSDEEP

3072:ZSL2+lfdHlEAskeGEGAmS2UhfCUfAYoPj:x+fj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1048	2232	regsvr32.exe	31
PID 2232 wrote to memory of 1048	2232	regsvr32.exe	31
PID 2232 wrote to memory of 1048	2232	regsvr32.exe	31
PID 2232 wrote to memory of 1048	2232	regsvr32.exe	31
PID 2232 wrote to memory of 1048	2232	regsvr32.exe	31
PID 2232 wrote to memory of 1048	2232	regsvr32.exe	31
PID 2232 wrote to memory of 1048	2232	regsvr32.exe	31

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\33eb149290dfda3c0e5601e56269733a_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\33eb149290dfda3c0e5601e56269733a_JaffaCakes118.dll
  2⤵
  PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-0-0x00000000001F0000-0x0000000000210000-memory.dmp

Filesize
128KB

Download
memory/1048-1-0x00000000001F0000-0x0000000000210000-memory.dmp

Filesize
128KB

Download