6019b75feb2e1fcc2f3b554a0cf4ba1f293fc603aea8a9d24d954c45ccaf9a5d

Analysis

max time kernel
93s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 20:50

Target

3653c44a327310e9de78614e53221175_JaffaCakes118.dll
Size

212KB
MD5

3653c44a327310e9de78614e53221175
SHA1

c406eed10125fe91e9ad3a2a57ffa4f4a914a6e5
SHA256

6019b75feb2e1fcc2f3b554a0cf4ba1f293fc603aea8a9d24d954c45ccaf9a5d
SHA512

585882295e562751b0322ec07440fd242f049b3d2706ed309cdb65372c94b0ef75e48e0b625b929a9aa281ecd7067309ed31777b6b3936fd4355f75e8375368f
SSDEEP

3072:h313iLHHvmUr/Ra2A6w2DjDq8dWNKyvZPPMmkZrnmv2nNyoUXo:XanOUryIq8dWNnpUmkZr62NuXo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 4196	4940	regsvr32.exe	82
PID 4940 wrote to memory of 4196	4940	regsvr32.exe	82
PID 4940 wrote to memory of 4196	4940	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3653c44a327310e9de78614e53221175_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3653c44a327310e9de78614e53221175_JaffaCakes118.dll
  2⤵
  PID:4196