e1557c8b78d135822e4c55c5a052c70a425e861c3997190b9de42c75430c338d

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 00:07

Target

61fbb5a9fb649f7e9084b9ec9b31f4a6_JaffaCakes118.dll
Size

66KB
MD5

61fbb5a9fb649f7e9084b9ec9b31f4a6
SHA1

96137dd1c44cffef425b591dc031aad01beab141
SHA256

e1557c8b78d135822e4c55c5a052c70a425e861c3997190b9de42c75430c338d
SHA512

00931e8962023b6cf0df2045c090704680147c1e8ba2f00e918a0e613415a4d2b5924d4cde41676df7de2d2f68bb8793f031936e7eb4bcc4e3d5e685dbf8fb41
SSDEEP

1536:PE/VjmTUx/m3L3f23WpDE/VjmTUx/m3L3f23Wp:OjwA/CjFpSjwA/CjFp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 1864	1640	regsvr32.exe	30
PID 1640 wrote to memory of 1864	1640	regsvr32.exe	30
PID 1640 wrote to memory of 1864	1640	regsvr32.exe	30
PID 1640 wrote to memory of 1864	1640	regsvr32.exe	30
PID 1640 wrote to memory of 1864	1640	regsvr32.exe	30
PID 1640 wrote to memory of 1864	1640	regsvr32.exe	30
PID 1640 wrote to memory of 1864	1640	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\61fbb5a9fb649f7e9084b9ec9b31f4a6_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\61fbb5a9fb649f7e9084b9ec9b31f4a6_JaffaCakes118.dll
  2⤵
  PID:1864

memory/1864-0-0x0000000000150000-0x000000000015E000-memory.dmp

Filesize
56KB

Download