a5ad42aa5321aa196361b6ce4b79c35c036c56a0213152dd1703acc25bc5149c

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 18:25

Target

4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
Size

324KB
MD5

4ade80cb3522fc3caee9be4c2cf33071
SHA1

a0610f4df507f48a25b6575eafc96d7df2f4a619
SHA256

a5ad42aa5321aa196361b6ce4b79c35c036c56a0213152dd1703acc25bc5149c
SHA512

e9c4e2d345fbdd7c5debc72792f1387667a6d77ce530e37687cbcf7ccc58dca2c016e85866758c58386d3bdfb432e602ba3121183e0a34133e4f5e81a95d6229
SSDEEP

6144:eKtDP9elqi0AOROne1mR2wF+M0ZibHykbxKprM5LDJme3:eKtYlqi09ROne1mRPF+MmCH1tKprMpNF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 1872	1716	regsvr32.exe	30
PID 1716 wrote to memory of 1872	1716	regsvr32.exe	30
PID 1716 wrote to memory of 1872	1716	regsvr32.exe	30
PID 1716 wrote to memory of 1872	1716	regsvr32.exe	30
PID 1716 wrote to memory of 1872	1716	regsvr32.exe	30
PID 1716 wrote to memory of 1872	1716	regsvr32.exe	30
PID 1716 wrote to memory of 1872	1716	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
  2⤵
  PID:1872

memory/1872-0-0x000000004C0C0000-0x000000004C111000-memory.dmp

Filesize
324KB

Download