60644d771ddf57686d4c41062f1618bc237b01029759d03eeeb8dc8706af237d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 00:29

Target

59bca88bc364560df601c15cbe5427dd_JaffaCakes118.dll
Size

227KB
MD5

59bca88bc364560df601c15cbe5427dd
SHA1

27e33686b3068b91634173c8d58aea2744f1c4e5
SHA256

60644d771ddf57686d4c41062f1618bc237b01029759d03eeeb8dc8706af237d
SHA512

f9084ac62c34842c246102fa367e7bccc556e344696fb4e302012b9696fbf2f613a44bfcc62a6108b735dc12c61934d04662482f9af39cbf5f100fe354342afe
SSDEEP

6144:BkGV4OjkGV4OjkGV4OjkGV4OjkGV4OjkGV4OjkGV4O:BkGVDkGVDkGVDkGVDkGVDkGVDkGV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2344	2340	regsvr32.exe	30
PID 2340 wrote to memory of 2344	2340	regsvr32.exe	30
PID 2340 wrote to memory of 2344	2340	regsvr32.exe	30
PID 2340 wrote to memory of 2344	2340	regsvr32.exe	30
PID 2340 wrote to memory of 2344	2340	regsvr32.exe	30
PID 2340 wrote to memory of 2344	2340	regsvr32.exe	30
PID 2340 wrote to memory of 2344	2340	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\59bca88bc364560df601c15cbe5427dd_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\59bca88bc364560df601c15cbe5427dd_JaffaCakes118.dll
  2⤵
  PID:2344

memory/2344-0-0x0000000000130000-0x000000000013E000-memory.dmp

Filesize
56KB

Download