1cafc7151679750a48db65ee89812e2a77aa035ec1d71d013076ea32471b450d

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 00:59

Target

371bef9ed0ad0ebec97164061d4f2c32_JaffaCakes118.dll
Size

118KB
MD5

371bef9ed0ad0ebec97164061d4f2c32
SHA1

63fedb65468e6373e59a65a79128c28b364179e9
SHA256

1cafc7151679750a48db65ee89812e2a77aa035ec1d71d013076ea32471b450d
SHA512

63c6616d52483ddea47477045df02b82674f8d05fc1fc4b7ef40e2ced4640b24e09705810ef514e2a8436f9e383e77e4c556d508ed7edadde5ac5c56814a3dd4
SSDEEP

3072:lPHNSXw8l8VutkQPFyQQzfMO+DvLChJsasCK:luHleuyQPFQzk9rmhJxs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 3852	2324	regsvr32.exe	83
PID 2324 wrote to memory of 3852	2324	regsvr32.exe	83
PID 2324 wrote to memory of 3852	2324	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\371bef9ed0ad0ebec97164061d4f2c32_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\371bef9ed0ad0ebec97164061d4f2c32_JaffaCakes118.dll
  2⤵
  PID:3852

memory/3852-0-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3852-1-0x000000000044D000-0x000000000044E000-memory.dmp

Filesize
4KB

Download