57faf4488b55ad752562a2126de962c9884fcebc2c0b45ce8614f1f74af8d27d

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 11:41

Target

5bcba5e388292b0c042fa3b62186ffe8_JaffaCakes118.dll
Size

176KB
MD5

5bcba5e388292b0c042fa3b62186ffe8
SHA1

c3e389a2e4e0e6c0ae17fbff34670bc0e0a2f7b4
SHA256

57faf4488b55ad752562a2126de962c9884fcebc2c0b45ce8614f1f74af8d27d
SHA512

e3f2f24287d14acfb778537b000df06619ea80d96fc543dba93479d203bfc585fece0506f8fae68aae1d1e643eb3d084e29b92ae83dd4fc047d9ba93cc6b1829
SSDEEP

3072:/BXLVMhsx5FwYH5PgAp2DMelYBFeM4FcCG7TCnp5cvLi22yT:/BXLUI5H5PgFMwAcM4RG7TTvL32yT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2280	1864	regsvr32.exe	30
PID 1864 wrote to memory of 2280	1864	regsvr32.exe	30
PID 1864 wrote to memory of 2280	1864	regsvr32.exe	30
PID 1864 wrote to memory of 2280	1864	regsvr32.exe	30
PID 1864 wrote to memory of 2280	1864	regsvr32.exe	30
PID 1864 wrote to memory of 2280	1864	regsvr32.exe	30
PID 1864 wrote to memory of 2280	1864	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5bcba5e388292b0c042fa3b62186ffe8_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5bcba5e388292b0c042fa3b62186ffe8_JaffaCakes118.dll
  2⤵
  PID:2280