d4c3f5635f4144013d30d955109ad780fd562921733adb869ad768b34526949b

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 18:57

Target

5d3e4aa7e94816d94518af5006913950_JaffaCakes118.dll
Size

126KB
MD5

5d3e4aa7e94816d94518af5006913950
SHA1

39656141135bb8c3c859930e8d7640b7783a56f9
SHA256

d4c3f5635f4144013d30d955109ad780fd562921733adb869ad768b34526949b
SHA512

fe270c8814994311be729858396ddfdeea229d34ce352d084684c260cabb1c22ba6541b80b6069186bd81b3cc145a90e26ccd0492a42cfe9509cbc7aa44ba48c
SSDEEP

3072:jMpULWUYD1FoYehxX7rLrJ2NWynkRNBI6P1qiyO:AGqUOuvhdn7IM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1656	1212	regsvr32.exe	30
PID 1212 wrote to memory of 1656	1212	regsvr32.exe	30
PID 1212 wrote to memory of 1656	1212	regsvr32.exe	30
PID 1212 wrote to memory of 1656	1212	regsvr32.exe	30
PID 1212 wrote to memory of 1656	1212	regsvr32.exe	30
PID 1212 wrote to memory of 1656	1212	regsvr32.exe	30
PID 1212 wrote to memory of 1656	1212	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5d3e4aa7e94816d94518af5006913950_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5d3e4aa7e94816d94518af5006913950_JaffaCakes118.dll
  2⤵
  PID:1656

memory/1656-0-0x0000000000160000-0x0000000000184000-memory.dmp

Filesize
144KB

Download