222dc9f4341e3ab7d6106d1e627aae181cae8c06935c5620d1851fd067b80a6f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 19:31

Target

3e99b4aa1d2596b00f1456225bee8a29_JaffaCakes118.dll
Size

260KB
MD5

3e99b4aa1d2596b00f1456225bee8a29
SHA1

8bf8ec762ca948428e15c4f9299cd08f01140dd0
SHA256

222dc9f4341e3ab7d6106d1e627aae181cae8c06935c5620d1851fd067b80a6f
SHA512

0af7bb2b7f294d2c12b7beecb3a95c4cfc3e2029ac67a3ebb664b38cfd0e4a99827f4d216a06e46aedc4adfd87744cf9db724ac284ed75bb60e98665d2a0b3ad
SSDEEP

6144:mhk8vnYRs3PayHxfxBZyL1Qpk95Hbi6wK9OhrU:s/ayxxBZ3pSdBOhrU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 4592	2176	regsvr32.exe	83
PID 2176 wrote to memory of 4592	2176	regsvr32.exe	83
PID 2176 wrote to memory of 4592	2176	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3e99b4aa1d2596b00f1456225bee8a29_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3e99b4aa1d2596b00f1456225bee8a29_JaffaCakes118.dll
  2⤵
  PID:4592

memory/4592-0-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4592-1-0x0000000010001000-0x0000000010002000-memory.dmp

Filesize
4KB

Download