cd48c084e8b094f9ab2740ee716396468b0baac6a140a1cfe8fd46e1f8fb6a98

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 10:40

Target

3d0a45226dc3ee007015e302b51f5538_JaffaCakes118.dll
Size

132KB
MD5

3d0a45226dc3ee007015e302b51f5538
SHA1

8b6c084122757a68868aa8601d67b7efa61436b5
SHA256

cd48c084e8b094f9ab2740ee716396468b0baac6a140a1cfe8fd46e1f8fb6a98
SHA512

1a59b39b97e5688ffa256f937b74552fe3d0b764da3a3b9f5dec4713f7ceb63d4686944f6f3e498e8dfdb2ab2864339cfb7cccd957e01cf57effbb6d5723661c
SSDEEP

3072:AIyDq8ZPSQJmwdjqSFPOWs8+FXVdBh1M+YlY0:MpZP8wdjqwPNs8sRhi+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 896	2392	regsvr32.exe	30
PID 2392 wrote to memory of 896	2392	regsvr32.exe	30
PID 2392 wrote to memory of 896	2392	regsvr32.exe	30
PID 2392 wrote to memory of 896	2392	regsvr32.exe	30
PID 2392 wrote to memory of 896	2392	regsvr32.exe	30
PID 2392 wrote to memory of 896	2392	regsvr32.exe	30
PID 2392 wrote to memory of 896	2392	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3d0a45226dc3ee007015e302b51f5538_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3d0a45226dc3ee007015e302b51f5538_JaffaCakes118.dll
  2⤵
  PID:896

memory/896-0-0x00000000001E0000-0x0000000000201000-memory.dmp

Filesize
132KB

Download