9b148cf6d71f1617e1dd6ffb6b370110d0e0ce05d76f436885424b90dcbeadd0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 14:17

Target

462c69e8c0492c78906eef520abee2c2_JaffaCakes118.dll
Size

90KB
MD5

462c69e8c0492c78906eef520abee2c2
SHA1

f9f28edf486dff70d0167247794c1a397baf65a9
SHA256

9b148cf6d71f1617e1dd6ffb6b370110d0e0ce05d76f436885424b90dcbeadd0
SHA512

3b99125f757787e799c2e738c923149296732acbf1cce7ddd8f99b497d9c9f7eb93ba12edfc4babdcbc152e8c603b96fd5ac7001ef3d7221ee98d242613fe3f3
SSDEEP

1536:Y0va0JHyofBv/DXie5XUxvRyHXl3m48zwtSbvpD8iAmiO5irtULK:YgBBDSVxvRkxSw2hnU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2632	2072	regsvr32.exe	30
PID 2072 wrote to memory of 2632	2072	regsvr32.exe	30
PID 2072 wrote to memory of 2632	2072	regsvr32.exe	30
PID 2072 wrote to memory of 2632	2072	regsvr32.exe	30
PID 2072 wrote to memory of 2632	2072	regsvr32.exe	30
PID 2072 wrote to memory of 2632	2072	regsvr32.exe	30
PID 2072 wrote to memory of 2632	2072	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\462c69e8c0492c78906eef520abee2c2_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\462c69e8c0492c78906eef520abee2c2_JaffaCakes118.dll
  2⤵
  PID:2632

memory/2632-0-0x0000000000250000-0x0000000000296000-memory.dmp

Filesize
280KB

Download