6707a39281952b89317bd0ea7e8123536cdd85f403b3a08d8a52c1051888ddff | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 19:53

Sharing

Report Analysis Logs

General

Target

5d704668e46eb55ab206af0effcb9b3e_JaffaCakes118.dll
Size

17KB
MD5

5d704668e46eb55ab206af0effcb9b3e
SHA1

2d80c6c65b45c2ea4c651b4a0bcc01f888a3d7a2
SHA256

6707a39281952b89317bd0ea7e8123536cdd85f403b3a08d8a52c1051888ddff
SHA512

1e6c5fc02ba8ea124aa81e3004aeedd35b90b2a43fbc15fa8a6ab21dd964e996e424b78cb44a6fe82cece8e06816ee6dd8822f3d64d2908303416153370f7a78
SSDEEP

384:w41Y8CJhJSpTKZ5n4lgZyGaWgd2cOHQ5:5NyoGn4lgMHzOw5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2276	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2276	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2276	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2276	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2276	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2276	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2276	2252	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5d704668e46eb55ab206af0effcb9b3e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5d704668e46eb55ab206af0effcb9b3e_JaffaCakes118.dll
  2⤵
  PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads