cc0ef58414ec28610f66b05ddebedadfa11a5a8889619dc6b9e0d798036f3c87

Analysis

max time kernel
93s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 06:07

Target

407a9cbd1e6389c42da42b590f8fb947_JaffaCakes118.dll
Size

59KB
MD5

407a9cbd1e6389c42da42b590f8fb947
SHA1

f33db852de54447a3b8659bcec4410c5b86a9127
SHA256

cc0ef58414ec28610f66b05ddebedadfa11a5a8889619dc6b9e0d798036f3c87
SHA512

68223847fd5340b5c8b7fefd3e0b903d2ef2b0fe79ecf5fe1cda8e78e7cd8f9feef2c36ac5a52b100ce2807b1b0af563cecb5422d8900bdf5bdb0d1086c9b2a9
SSDEEP

768:vcKzyQ6YX2C5cQs4/x6xxKbhZaQ7ONqtUOx4IHQaJJkMsshd+CwpP22/c:UIy05517usbhM6Ug4WhQCwpP22

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 2392	756	regsvr32.exe	83
PID 756 wrote to memory of 2392	756	regsvr32.exe	83
PID 756 wrote to memory of 2392	756	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\407a9cbd1e6389c42da42b590f8fb947_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:756
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\407a9cbd1e6389c42da42b590f8fb947_JaffaCakes118.dll
  2⤵
  PID:2392

memory/2392-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2392-1-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2392-2-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download