8cc140f6a0e5f94005e421b80f5b4597a217baf74df99215837a43cb75758208

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 18:52

Target

5d39d5a9b7d23ccb1b3619abdcfc7926_JaffaCakes118.dll
Size

323KB
MD5

5d39d5a9b7d23ccb1b3619abdcfc7926
SHA1

4402d622bd7c8c7160856df1c214ed65411d6595
SHA256

8cc140f6a0e5f94005e421b80f5b4597a217baf74df99215837a43cb75758208
SHA512

044a9265c0e753c2b8cc3d0ae8da8d39ac70d8d76398ca56a6685080f5cd0d840d7c4b96dc51c383992abf7f37d2115e5a94db4797c8bf70341b984f2d268ec4
SSDEEP

6144:siT4htE7es3FInzIMjIj9soIIYvSSghgTNQmw2yU7sys5gU3o7gngnMaIwr+juMS:sgrl2cBJqGu1omge

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2992	2512	regsvr32.exe	31
PID 2512 wrote to memory of 2992	2512	regsvr32.exe	31
PID 2512 wrote to memory of 2992	2512	regsvr32.exe	31
PID 2512 wrote to memory of 2992	2512	regsvr32.exe	31
PID 2512 wrote to memory of 2992	2512	regsvr32.exe	31
PID 2512 wrote to memory of 2992	2512	regsvr32.exe	31
PID 2512 wrote to memory of 2992	2512	regsvr32.exe	31

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5d39d5a9b7d23ccb1b3619abdcfc7926_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5d39d5a9b7d23ccb1b3619abdcfc7926_JaffaCakes118.dll
  2⤵
  PID:2992

memory/2992-0-0x000000006CCF0000-0x000000006CD43000-memory.dmp

Filesize
332KB

Download