e47d8ca23cf49b970bfd9f1b50ef35054863c765e7920922e800e64f297f0f11

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 10:05

Target

3cef01ceede9d98c883efbb3cd849be5_JaffaCakes118.dll
Size

86KB
MD5

3cef01ceede9d98c883efbb3cd849be5
SHA1

2576c81cb8d3199cbf7d2419544992cf1d8b813f
SHA256

e47d8ca23cf49b970bfd9f1b50ef35054863c765e7920922e800e64f297f0f11
SHA512

fd96593ebfdfc75302563df1af4d90902c18fb05e52628a0a417a8956e487bb8df96dab8cb69059f41c131df9a5e31f9408ac9162a8980387cb760047e43d226
SSDEEP

1536:nNKb7sw8hkAAGipZYMS1D6p5V+NYXwu8//9/P+ccwGnwhahbjJIj7:nNGl8h3ZifS1D63Mqe//fcEwljE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 2088	836	regsvr32.exe	30
PID 836 wrote to memory of 2088	836	regsvr32.exe	30
PID 836 wrote to memory of 2088	836	regsvr32.exe	30
PID 836 wrote to memory of 2088	836	regsvr32.exe	30
PID 836 wrote to memory of 2088	836	regsvr32.exe	30
PID 836 wrote to memory of 2088	836	regsvr32.exe	30
PID 836 wrote to memory of 2088	836	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3cef01ceede9d98c883efbb3cd849be5_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3cef01ceede9d98c883efbb3cd849be5_JaffaCakes118.dll
  2⤵
  PID:2088

memory/2088-0-0x0000000000930000-0x0000000000973000-memory.dmp

Filesize
268KB

Download