539d9d4ea7f9fc1c76fa3fd45e18f1ec6a1d5dc59fcc4858c8ee1e578448f9b8

Analysis

max time kernel
13s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 13:03

Target

41c84f2eadfe8f44df36065fc545f236_JaffaCakes118.dll
Size

35KB
MD5

41c84f2eadfe8f44df36065fc545f236
SHA1

c500789ac1bdc81860f5131c170efa4781f90d28
SHA256

539d9d4ea7f9fc1c76fa3fd45e18f1ec6a1d5dc59fcc4858c8ee1e578448f9b8
SHA512

5a380689f76c014066c9b636e1c17289af6e26b7a777e245c544881e8a549dd1daea9cd8c48d19e79b409368453bb93097d0815bee3cc963315fb060e3a26bff
SSDEEP

768:dQoi6qZO1Qegd2GAPgxUf/6SYNmrcdVGkJ36ek:dQv6qZ4Q35Qg6f/6jP6p

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2296	1848	regsvr32.exe	30
PID 1848 wrote to memory of 2296	1848	regsvr32.exe	30
PID 1848 wrote to memory of 2296	1848	regsvr32.exe	30
PID 1848 wrote to memory of 2296	1848	regsvr32.exe	30
PID 1848 wrote to memory of 2296	1848	regsvr32.exe	30
PID 1848 wrote to memory of 2296	1848	regsvr32.exe	30
PID 1848 wrote to memory of 2296	1848	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\41c84f2eadfe8f44df36065fc545f236_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\41c84f2eadfe8f44df36065fc545f236_JaffaCakes118.dll
  2⤵
  PID:2296