18c56168c5f7ab6e546aea6268b00625b0c7d80de2be67903475627ec800696c

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 13:47

Target

49f16f0a6df7cf01e732def84cb28d22_JaffaCakes118.dll
Size

30KB
MD5

49f16f0a6df7cf01e732def84cb28d22
SHA1

5b0f0146b8414ef36b8f988d2ef0ed0dab0bd7f3
SHA256

18c56168c5f7ab6e546aea6268b00625b0c7d80de2be67903475627ec800696c
SHA512

75317d87a08d9beee51a0f3a4c70f92cbcd0418e21d749f0b1149efec9e2dd4462d7e9178042772718c1c258da2c09ce273385346acbec3f400529542aba1532
SSDEEP

768:gOUANfS5GXtmD0NvNP9ZJLwrH11eJrtLJFADrt2I9w:gOkWm45h9ZJLCbethQDrthw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 1964	2092	regsvr32.exe	30
PID 2092 wrote to memory of 1964	2092	regsvr32.exe	30
PID 2092 wrote to memory of 1964	2092	regsvr32.exe	30
PID 2092 wrote to memory of 1964	2092	regsvr32.exe	30
PID 2092 wrote to memory of 1964	2092	regsvr32.exe	30
PID 2092 wrote to memory of 1964	2092	regsvr32.exe	30
PID 2092 wrote to memory of 1964	2092	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\49f16f0a6df7cf01e732def84cb28d22_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\49f16f0a6df7cf01e732def84cb28d22_JaffaCakes118.dll
  2⤵
  PID:1964

memory/1964-0-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download