7d9506af394bac59f530d0b0693902636c19b171c4d75fa457fe5fbdb259983b

Analysis

max time kernel
92s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 10:02

Target

4dd3c68dede3796b55d40526e7b47c83_JaffaCakes118.dll
Size

25KB
MD5

4dd3c68dede3796b55d40526e7b47c83
SHA1

bd30193d559bf670ad8a8cbc7f0329cbc0f3b1ab
SHA256

7d9506af394bac59f530d0b0693902636c19b171c4d75fa457fe5fbdb259983b
SHA512

3b7b73ca0da85f4837547679cac064319df313d52584f9af89aede25501a606876e654481cb4321e9a7ba4a4ab29cd7f0d8e4aab072811b0dd6bc797f6645b6a
SSDEEP

384:97dxz0CuAkqd+1TkQattckmCLPlpzLA7GRxvAz5rWQNcG:9gCuVqdSAQWPmCLnBxI5rWhG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 736	3140	regsvr32.exe	83
PID 3140 wrote to memory of 736	3140	regsvr32.exe	83
PID 3140 wrote to memory of 736	3140	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4dd3c68dede3796b55d40526e7b47c83_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4dd3c68dede3796b55d40526e7b47c83_JaffaCakes118.dll
  2⤵
  PID:736