5aa9e2257820554d8e6fd4a203f459c9ec2a05085305a9d9c1f629ec79f48460

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 06:52

Target

40a08e80117ec5b92e3b6badb07a0034_JaffaCakes118.dll
Size

97KB
MD5

40a08e80117ec5b92e3b6badb07a0034
SHA1

ea99135f586ba3bc47c7c91967dfc2d4bca28b78
SHA256

5aa9e2257820554d8e6fd4a203f459c9ec2a05085305a9d9c1f629ec79f48460
SHA512

99220740dc0672a8b854da92cbde2a001157622146cc67cda075f2bd1a9940d3041697a2b94f63dde1c519c99a47d364d7d5015f228f4e8a9838936a1a61908b
SSDEEP

1536:NQspD5TNK5fFJvkwf6ZNjGWMhsx5FwYBhaKRPgAEHUT0BDSPStlYJ3F5DNcrMOlx:/BXLVMhsx5FwY/5PgAp2DMelYBFeME

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\40a08e80117ec5b92e3b6badb07a0034_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\40a08e80117ec5b92e3b6badb07a0034_JaffaCakes118.dll
  2⤵
  PID:2968