d7ec88e68132285ddd25d7f012e41aef98a2e053647035194396f05153b18993

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 15:54

Target

4681553d3abb67aed4a2cf7a988b276d_JaffaCakes118.dll
Size

100KB
MD5

4681553d3abb67aed4a2cf7a988b276d
SHA1

d427db130b76e50a9c2f602adfdc8505fcfae6d1
SHA256

d7ec88e68132285ddd25d7f012e41aef98a2e053647035194396f05153b18993
SHA512

c4fcf7fb12658a7fdf6e4de8af6fd87b705b69da3b2d5a0cb283e12a8ca8a9393d73fa4b48582492c83e51b32c873ed737a17f277935b434dc38ea6ab7f163a4
SSDEEP

3072:0bXTjlB1kbOi4ELwWPD8jvyv60iddjW4shQGrO1Jx20o:07TjyOi4qV8jKvJiXS4shQGr6n2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2864	2324	regsvr32.exe	30
PID 2324 wrote to memory of 2864	2324	regsvr32.exe	30
PID 2324 wrote to memory of 2864	2324	regsvr32.exe	30
PID 2324 wrote to memory of 2864	2324	regsvr32.exe	30
PID 2324 wrote to memory of 2864	2324	regsvr32.exe	30
PID 2324 wrote to memory of 2864	2324	regsvr32.exe	30
PID 2324 wrote to memory of 2864	2324	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4681553d3abb67aed4a2cf7a988b276d_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4681553d3abb67aed4a2cf7a988b276d_JaffaCakes118.dll
  2⤵
  PID:2864

memory/2864-0-0x0000000000570000-0x00000000005B6000-memory.dmp

Filesize
280KB

Download