ddaf1d3be9ce97a404a1026ffdc8bb44268c2d95b830812f7bbfbc74e1f55686

Analysis

max time kernel
92s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 15:43

Target

39bf8a5ad89a5548d71aa41e53b43566_JaffaCakes118.dll
Size

184KB
MD5

39bf8a5ad89a5548d71aa41e53b43566
SHA1

cb24c2b5839dc1d025a43f0dc7a939adf8d51027
SHA256

ddaf1d3be9ce97a404a1026ffdc8bb44268c2d95b830812f7bbfbc74e1f55686
SHA512

4fce57085391d1e5dd489331a9f9ad37d192b1aa4ab3d64b061108aed2c3e6f1bed3eba2242818b76ed051b48108359975a2393b104332fb2b9acfc3158f0f70
SSDEEP

3072:OgcmieZXUwbLxVvsIPCgl/92AkJm9owaMrBBY+z6DaGSok1:VzZXUwD6gl/92ApNbY+z6e

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2964	3000	regsvr32.exe	83
PID 3000 wrote to memory of 2964	3000	regsvr32.exe	83
PID 3000 wrote to memory of 2964	3000	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\39bf8a5ad89a5548d71aa41e53b43566_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\39bf8a5ad89a5548d71aa41e53b43566_JaffaCakes118.dll
  2⤵
  PID:2964

memory/2964-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download