85f59369b53445fd73198195d58c5393a331e52dd79c2d6c3d2960333a510bbd

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 21:15

Target

3ee88cc797a6b9c9791c3baaa8d762ab_JaffaCakes118.dll
Size

59KB
MD5

3ee88cc797a6b9c9791c3baaa8d762ab
SHA1

066433429b1045a5a4e8656eac3ca2c4baf90a60
SHA256

85f59369b53445fd73198195d58c5393a331e52dd79c2d6c3d2960333a510bbd
SHA512

29755653b75504bd57af0a1ad5079ed6f04167522e874eb3303d9bd453d5744bd3f87bbd9a9cf880e1683e0bd6a7084820871d5303f423391a4a7296e9c79689
SSDEEP

768:MKzy7Ec7U+wWh9Z3tOPmYYTGw6YJ05/mBnoPKr5oCkMwb0ry2Fp9ooizC0f8RHar:MIy8G9ZUPxoPJ0xQoy2vbBoEC00RHfi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 1868	2112	regsvr32.exe	30
PID 2112 wrote to memory of 1868	2112	regsvr32.exe	30
PID 2112 wrote to memory of 1868	2112	regsvr32.exe	30
PID 2112 wrote to memory of 1868	2112	regsvr32.exe	30
PID 2112 wrote to memory of 1868	2112	regsvr32.exe	30
PID 2112 wrote to memory of 1868	2112	regsvr32.exe	30
PID 2112 wrote to memory of 1868	2112	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3ee88cc797a6b9c9791c3baaa8d762ab_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3ee88cc797a6b9c9791c3baaa8d762ab_JaffaCakes118.dll
  2⤵
  PID:1868

memory/1868-0-0x00000000001A0000-0x00000000001DA000-memory.dmp

Filesize
232KB

Download
memory/1868-1-0x00000000001A0000-0x00000000001DA000-memory.dmp

Filesize
232KB

Download