96b512d7775c2f23c98cfd1d9d043288b6348076ca1c86ca7e25a0bce692b0d0

Analysis

max time kernel
15s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 08:45

Target

4519955084170654ca1ee9ada3df6b5f_JaffaCakes118.dll
Size

18KB
MD5

4519955084170654ca1ee9ada3df6b5f
SHA1

357ed32158743a17c1bc7143b98eb4950ae1a5b3
SHA256

96b512d7775c2f23c98cfd1d9d043288b6348076ca1c86ca7e25a0bce692b0d0
SHA512

ff58b0ccedd0dbf90747792b888eb40c08a9a2259f479dd865050c6895417fd341b24822564eae5327ce3c5ba21650c5c3f87ccfded6ddfd0e6e287a3669369f
SSDEEP

24:eFGSsQ7glF+92LFYllYEJk5cMG1Q5R5dlkALt6kECxgqgkb9jgqTLpFsXSPXS6ns:iVgl0HY53G1ChkALw/u0qTr2gBpN+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29
PID 2388 wrote to memory of 2968	2388	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4519955084170654ca1ee9ada3df6b5f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4519955084170654ca1ee9ada3df6b5f_JaffaCakes118.dll
  2⤵
  PID:2968