6ebc135e5c2c6ec57a907294f2c7e42e63c17b41c5e9356ffe51b573c03143f2

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 00:42

Target

3b5cbc602f0b7bb4b5d15a16eb98cd5e_JaffaCakes118.dll
Size

100KB
MD5

3b5cbc602f0b7bb4b5d15a16eb98cd5e
SHA1

4c7561c324cf11293244411f4a5eb56672835b6b
SHA256

6ebc135e5c2c6ec57a907294f2c7e42e63c17b41c5e9356ffe51b573c03143f2
SHA512

8246251f1c6c7c3165c12f1459636637d9c32e4cc481807ac386d43e4f3a221bde98786790ad2854368303c7029981e5be9b6318a62759bc1e8f0367f534d015
SSDEEP

1536:zMqzW7JoS7qxgY96riqT2KazWkokkkkkkotV74wooRdhbnvZYddL:z5OK1bzWkokkkkkkcVUwooRdhbvZYdd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3b5cbc602f0b7bb4b5d15a16eb98cd5e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3b5cbc602f0b7bb4b5d15a16eb98cd5e_JaffaCakes118.dll
  2⤵
  PID:2820

memory/2820-0-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download