0661b9344cf5b37d235b4a4145c7da3a089605f3df146b5e1ba37c662cdbe7f8

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 02:09

Target

5ea1a4d150c5a4ec7e881320e5dc3b63_JaffaCakes118.dll
Size

18KB
MD5

5ea1a4d150c5a4ec7e881320e5dc3b63
SHA1

55907786880c5e87f6492c0bb30982f4a1a4b751
SHA256

0661b9344cf5b37d235b4a4145c7da3a089605f3df146b5e1ba37c662cdbe7f8
SHA512

e20bfcec15a8344cda7d7a2a91545bfd98cfc4e32c254f88ab6846640449d5046a3b31922af06f6eb39611c6e8e924d6c6d329ba647306ec30dadc05f32aff76
SSDEEP

384:NcbFPayevMhczTnOyRKPJOmSFwz06obqJ+Nd8asFbfwBJhzmcc7:DygMhczzOyRKPJOmSFwz0PqoNd0oJlu

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1672	2420	regsvr32.exe	30
PID 2420 wrote to memory of 1672	2420	regsvr32.exe	30
PID 2420 wrote to memory of 1672	2420	regsvr32.exe	30
PID 2420 wrote to memory of 1672	2420	regsvr32.exe	30
PID 2420 wrote to memory of 1672	2420	regsvr32.exe	30
PID 2420 wrote to memory of 1672	2420	regsvr32.exe	30
PID 2420 wrote to memory of 1672	2420	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5ea1a4d150c5a4ec7e881320e5dc3b63_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5ea1a4d150c5a4ec7e881320e5dc3b63_JaffaCakes118.dll
  2⤵
  PID:1672