9d8ca1d82b7136ce8960be6d486bf7bf5ec156e12577eab6505b7a53eb23baeb

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 14:01

Target

462100484b1e6b9880e8ad8c43398bfa_JaffaCakes118.dll
Size

29KB
MD5

462100484b1e6b9880e8ad8c43398bfa
SHA1

27e377028067288d6d7728352a46ef7c40da4bdc
SHA256

9d8ca1d82b7136ce8960be6d486bf7bf5ec156e12577eab6505b7a53eb23baeb
SHA512

dd657c9138b0f16c0d0a3d13f8b191c13f876985fe5e77a40330a31232c81cb923b5e929a76bb8d9bb8d3196cfb6065fb51fca2c90c9b1523ce6e67723959d8c
SSDEEP

768:/KSqquxD0GQjgRJMeYGc9YGgTPdhPvid3K:FqquxD0GQSPMgJBGK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 2360	4376	regsvr32.exe	83
PID 4376 wrote to memory of 2360	4376	regsvr32.exe	83
PID 4376 wrote to memory of 2360	4376	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\462100484b1e6b9880e8ad8c43398bfa_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\462100484b1e6b9880e8ad8c43398bfa_JaffaCakes118.dll
  2⤵
  PID:2360