bc62f365a3d07a2803e214fb5983e955d6aae9e8ac98461ee4ee09b5963078e6

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 00:20

Target

4c09f191bdcb30d3467fc6ae5cf842e2_JaffaCakes118.dll
Size

81KB
MD5

4c09f191bdcb30d3467fc6ae5cf842e2
SHA1

c34709892fb515926e0eeaec194b7a1375dc69dd
SHA256

bc62f365a3d07a2803e214fb5983e955d6aae9e8ac98461ee4ee09b5963078e6
SHA512

16b289796be435c25473eb02db53ca236b698222f346118cb53b1b6187e95e706d5b3e4320fdfc083c5782c936c63b76f449a003413af0009f385164bb80c375
SSDEEP

1536:BGyhN9kLm38nwGxtHggg2q/owL5jBfDJONlaAEmZfn1Vl2YmFBoqdbSons8AIyop:B7+Lm35GHDg7//BArvQYmFBoWS8s8AI9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 3008	2948	regsvr32.exe	30
PID 2948 wrote to memory of 3008	2948	regsvr32.exe	30
PID 2948 wrote to memory of 3008	2948	regsvr32.exe	30
PID 2948 wrote to memory of 3008	2948	regsvr32.exe	30
PID 2948 wrote to memory of 3008	2948	regsvr32.exe	30
PID 2948 wrote to memory of 3008	2948	regsvr32.exe	30
PID 2948 wrote to memory of 3008	2948	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4c09f191bdcb30d3467fc6ae5cf842e2_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4c09f191bdcb30d3467fc6ae5cf842e2_JaffaCakes118.dll
  2⤵
  PID:3008

memory/3008-0-0x0000000000190000-0x00000000001CE000-memory.dmp

Filesize
248KB

Download