d3ba65cc6240279dbcdf1d526e081fde44c04acb7d761b2e15f92abd91550277

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 14:23

Target

3dbd8af63c04a2dbb27d1cd744cbdb25_JaffaCakes118.dll
Size

30KB
MD5

3dbd8af63c04a2dbb27d1cd744cbdb25
SHA1

0d7f8b114908e9391cf12acee8c51eb069ff5d70
SHA256

d3ba65cc6240279dbcdf1d526e081fde44c04acb7d761b2e15f92abd91550277
SHA512

58dbbaa8fce6012c838783ff83e592f73a5c21465f95570f6f111f4da50355b5af6c292b1209418545340ad4e497169ebace244d2a070ddd75346f9e3970ee7e
SSDEEP

768:CKSCquFw0GQO/mRsrdpRwwYbg8v43IUdDya:GCquFw0GQixnwpa3rt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 3600	5004	regsvr32.exe	83
PID 5004 wrote to memory of 3600	5004	regsvr32.exe	83
PID 5004 wrote to memory of 3600	5004	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3dbd8af63c04a2dbb27d1cd744cbdb25_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3dbd8af63c04a2dbb27d1cd744cbdb25_JaffaCakes118.dll
  2⤵
  PID:3600