ca8305ad6dd6185addc395cd87af6dddd6c8ecd476b62d8759c1371e1bb13673

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 19:19

Target

5d4ef4f9a0d74437b1e7caaac4780b06_JaffaCakes118.dll
Size

59KB
MD5

5d4ef4f9a0d74437b1e7caaac4780b06
SHA1

7039af965f673fbff7a5ac91d5a0133d138f7e9d
SHA256

ca8305ad6dd6185addc395cd87af6dddd6c8ecd476b62d8759c1371e1bb13673
SHA512

45a586f41cb81e40fa6fa445360402e0152b7bd082a48c09a6cfa10240928af0b147863d2945689b5d81b172dfcb7a9b0e3ff3a71c918860749312e9ac4db1a1
SSDEEP

1536:pIyHTJKlvLaDFOQsnyuKzzRi90Yv9KSd+pxJDIxiAv8MmD:pIeMDaOQsh8YUa+1rA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1396	2108	regsvr32.exe	30
PID 2108 wrote to memory of 1396	2108	regsvr32.exe	30
PID 2108 wrote to memory of 1396	2108	regsvr32.exe	30
PID 2108 wrote to memory of 1396	2108	regsvr32.exe	30
PID 2108 wrote to memory of 1396	2108	regsvr32.exe	30
PID 2108 wrote to memory of 1396	2108	regsvr32.exe	30
PID 2108 wrote to memory of 1396	2108	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5d4ef4f9a0d74437b1e7caaac4780b06_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5d4ef4f9a0d74437b1e7caaac4780b06_JaffaCakes118.dll
  2⤵
  PID:1396

memory/1396-0-0x0000000000290000-0x00000000002CA000-memory.dmp

Filesize
232KB

Download
memory/1396-1-0x0000000000290000-0x00000000002CA000-memory.dmp

Filesize
232KB

Download