11d10b99e01cd6d8876e207ed007dbb63e0abfcd91dce3ba311ea80741a83884

Analysis

max time kernel
10s
max time network
15s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 07:40

Target

5f9b313725bc7d85897851caafec518c_JaffaCakes118.dll
Size

54KB
MD5

5f9b313725bc7d85897851caafec518c
SHA1

c8ab693cc174d01b1c1ed0a100860217b06ebe2a
SHA256

11d10b99e01cd6d8876e207ed007dbb63e0abfcd91dce3ba311ea80741a83884
SHA512

1a8af248f6203414e594061b95f36b47cbd92d60622491bc0027269b0b049b3910a907d7b4cb34f5f484b3df3188a02031475d4b9fcf26f4e0fab0cacde952c2
SSDEEP

768:P0c89T50klzIF3XcXYuKKqbGLmroSF9mOD+Looi8J65mx7Nj8Fjv7q6foRnhgedJ:c/T5jq3sXYC+oRW+k865DjfoRnhTVj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2336	2884	regsvr32.exe	29
PID 2884 wrote to memory of 2336	2884	regsvr32.exe	29
PID 2884 wrote to memory of 2336	2884	regsvr32.exe	29
PID 2884 wrote to memory of 2336	2884	regsvr32.exe	29
PID 2884 wrote to memory of 2336	2884	regsvr32.exe	29
PID 2884 wrote to memory of 2336	2884	regsvr32.exe	29
PID 2884 wrote to memory of 2336	2884	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5f9b313725bc7d85897851caafec518c_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5f9b313725bc7d85897851caafec518c_JaffaCakes118.dll
  2⤵
  PID:2336

memory/2336-0-0x00000000001C0000-0x00000000001D2000-memory.dmp

Filesize
72KB

Download