Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system -
submitted
12/07/2024, 10:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3d0a45226dc3ee007015e302b51f5538_JaffaCakes118.dll
Resource
win7-20240704-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3d0a45226dc3ee007015e302b51f5538_JaffaCakes118.dll
Resource
win10v2004-20240709-en
1 signatures
150 seconds
General
-
Target
3d0a45226dc3ee007015e302b51f5538_JaffaCakes118.dll
-
Size
132KB
-
MD5
3d0a45226dc3ee007015e302b51f5538
-
SHA1
8b6c084122757a68868aa8601d67b7efa61436b5
-
SHA256
cd48c084e8b094f9ab2740ee716396468b0baac6a140a1cfe8fd46e1f8fb6a98
-
SHA512
1a59b39b97e5688ffa256f937b74552fe3d0b764da3a3b9f5dec4713f7ceb63d4686944f6f3e498e8dfdb2ab2864339cfb7cccd957e01cf57effbb6d5723661c
-
SSDEEP
3072:AIyDq8ZPSQJmwdjqSFPOWs8+FXVdBh1M+YlY0:MpZP8wdjqwPNs8sRhi+
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description                      pid   Process       procid_target
PID 2392 wrote to memory of 896  2392  regsvr32.exe  30
PID 2392 wrote to memory of 896  2392  regsvr32.exe  30
PID 2392 wrote to memory of 896  2392  regsvr32.exe  30
PID 2392 wrote to memory of 896  2392  regsvr32.exe  30
PID 2392 wrote to memory of 896  2392  regsvr32.exe  30
PID 2392 wrote to memory of 896  2392  regsvr32.exe  30
PID 2392 wrote to memory of 896  2392  regsvr32.exe  30
Processes
-
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3d0a45226dc3ee007015e302b51f5538_JaffaCakes118.dll
- Suspicious use of WriteProcessMemory
PID:2392 -
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3d0a45226dc3ee007015e302b51f5538_JaffaCakes118.dll
PID:896
-