8ae5ff1b5f8ecf0aced1b8a519d705289b8e7296485e5866b3b04ee04500d84d

Analysis

max time kernel
118s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 20:17

Target

613f7e5fd76f2a0df1a7611b052de3e6_JaffaCakes118.dll
Size

160KB
MD5

613f7e5fd76f2a0df1a7611b052de3e6
SHA1

bbba110d0aeae35a3ab5cfb4d9a39cd9c5d91d3f
SHA256

8ae5ff1b5f8ecf0aced1b8a519d705289b8e7296485e5866b3b04ee04500d84d
SHA512

52f5e1473522e3fdce279aae679a4c3eb6bf22d9fbc27edf27de2d0b7d1dc5b9de17c7bcc66b0ad2b7c38f75c559c1721f939a0bb2248796d5d3fa651c95dc1d
SSDEEP

1536:VQfxBy15yh6keJu/tw/yZXZTXZ1ic82DWR8J9bhICS4At8zfih8omBGLaggnKp4i:VQfzy15yh6k8gGu8gbKUzfu8om7ggn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 1660	4864	regsvr32.exe	84
PID 4864 wrote to memory of 1660	4864	regsvr32.exe	84
PID 4864 wrote to memory of 1660	4864	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\613f7e5fd76f2a0df1a7611b052de3e6_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\613f7e5fd76f2a0df1a7611b052de3e6_JaffaCakes118.dll
  2⤵
  PID:1660