1894fd120b95fef68cae5613272e77dc4f10821c78105d354699b13b96a5fc4e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 19:02

Target

4afe8a4aecfa1b7cf627657b5c57c6d9_JaffaCakes118.dll
Size

85KB
MD5

4afe8a4aecfa1b7cf627657b5c57c6d9
SHA1

588924dfd0bafe8247a42af7a658b4b35098773f
SHA256

1894fd120b95fef68cae5613272e77dc4f10821c78105d354699b13b96a5fc4e
SHA512

abbf2826889eb5345c69297eb1f1c8ccf13ee651230354d2db0a9e1ea4a737c8649dc4a0471c6d219375c164ce4a325cefa96b3468e4b75ec04daf71ec748d87
SSDEEP

1536:3oIivf2pM/0AL5PtzBt9922+Xsz4rbaZo5lXoUn/Bn8xg5iWqUrCjffSnGbz1i4V:3oIivQA5PtVfF+XszUbt//B8xd9g6fjL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2568	1996	regsvr32.exe	29
PID 1996 wrote to memory of 2568	1996	regsvr32.exe	29
PID 1996 wrote to memory of 2568	1996	regsvr32.exe	29
PID 1996 wrote to memory of 2568	1996	regsvr32.exe	29
PID 1996 wrote to memory of 2568	1996	regsvr32.exe	29
PID 1996 wrote to memory of 2568	1996	regsvr32.exe	29
PID 1996 wrote to memory of 2568	1996	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4afe8a4aecfa1b7cf627657b5c57c6d9_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4afe8a4aecfa1b7cf627657b5c57c6d9_JaffaCakes118.dll
  2⤵
  PID:2568

memory/2568-0-0x0000000000190000-0x00000000001D3000-memory.dmp

Filesize
268KB

Download