90a95cd552cf1a0385bc8ceef527ba4e85a82c7319e9740f4c15e134df595e8a

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 18:06

Target

60dfa7dd588d7a49e7939b9f5cc5a952_JaffaCakes118.dll
Size

63KB
MD5

60dfa7dd588d7a49e7939b9f5cc5a952
SHA1

ff5a158b1a8f8c2d60a1b4bcb3ee953040f6b766
SHA256

90a95cd552cf1a0385bc8ceef527ba4e85a82c7319e9740f4c15e134df595e8a
SHA512

3ab13d8ce86eac041d907e1de881d1081f68746d28ba8e703a265d2a7a020accee32d67ef7de265e321c98f38ba0a2d9fb065239bdf519513fc13855963976c1
SSDEEP

768:QzaGKaOVOK/kt8bZD2q6xoABNRS913cwT5c4FvpVTlvK13JQM4jrzjUZuUnm5Ubg:oObiG23oM4FBrrzjVUm5vFYvbp

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1936	regsvr32.exe
1936	regsvr32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 1936	2280	regsvr32.exe	30
PID 2280 wrote to memory of 1936	2280	regsvr32.exe	30
PID 2280 wrote to memory of 1936	2280	regsvr32.exe	30
PID 2280 wrote to memory of 1936	2280	regsvr32.exe	30
PID 2280 wrote to memory of 1936	2280	regsvr32.exe	30
PID 2280 wrote to memory of 1936	2280	regsvr32.exe	30
PID 2280 wrote to memory of 1936	2280	regsvr32.exe	30
PID 1936 wrote to memory of 1196	1936	regsvr32.exe	21

memory/1196-1-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/1936-0-0x0000000000170000-0x0000000000183000-memory.dmp

Filesize
76KB

Download