6707a39281952b89317bd0ea7e8123536cdd85f403b3a08d8a52c1051888ddff | Triage

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 19:53

Sharing

Report Analysis Logs

General

Target

5d704668e46eb55ab206af0effcb9b3e_JaffaCakes118.dll
Size

17KB
MD5

5d704668e46eb55ab206af0effcb9b3e
SHA1

2d80c6c65b45c2ea4c651b4a0bcc01f888a3d7a2
SHA256

6707a39281952b89317bd0ea7e8123536cdd85f403b3a08d8a52c1051888ddff
SHA512

1e6c5fc02ba8ea124aa81e3004aeedd35b90b2a43fbc15fa8a6ab21dd964e996e424b78cb44a6fe82cece8e06816ee6dd8822f3d64d2908303416153370f7a78
SSDEEP

384:w41Y8CJhJSpTKZ5n4lgZyGaWgd2cOHQ5:5NyoGn4lgMHzOw5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 2960	4484	regsvr32.exe	84
PID 4484 wrote to memory of 2960	4484	regsvr32.exe	84
PID 4484 wrote to memory of 2960	4484	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5d704668e46eb55ab206af0effcb9b3e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5d704668e46eb55ab206af0effcb9b3e_JaffaCakes118.dll
  2⤵
  PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads