d348c3c34872b90f5322cfb2c3134e62d0d0be4b6943b20b598126799912c6fa

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 01:38

Target

3b86b4d577082f58dc10cd5bb3630d75_JaffaCakes118.dll
Size

101KB
MD5

3b86b4d577082f58dc10cd5bb3630d75
SHA1

8954c66f89e6ced215ea71271fb258e8848cb79a
SHA256

d348c3c34872b90f5322cfb2c3134e62d0d0be4b6943b20b598126799912c6fa
SHA512

e20c819dfec8df7462bfe408dddf032e78d5169a8848c2614bb469a71a5ad47347823f6c59c1d792ca30a16f0e4fff20af9bd72cf5bff866e27c602fa009e301
SSDEEP

1536:0FBeK8NFxmZaZkPThrXQQrqKXc9IV3XA8+WSZw73AiLCS/Bso+ck1BMkhh4MWtlo:EBHhPVrX3qSnAhWDJLv/nqNhh4byZh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2788	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2788	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2788	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2788	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2788	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2788	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2788	2732	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3b86b4d577082f58dc10cd5bb3630d75_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3b86b4d577082f58dc10cd5bb3630d75_JaffaCakes118.dll
  2⤵
  PID:2788

memory/2788-0-0x0000000000220000-0x0000000000267000-memory.dmp

Filesize
284KB

Download