63eab86a00c7ad5f9c04b58edd89b2280be403ed3a439352c1f9fb9c12fb6a3f

Analysis

max time kernel
13s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 16:11

Target

63de860aa776d6abe9c3f134f933ab25_JaffaCakes118.dll
Size

48KB
MD5

63de860aa776d6abe9c3f134f933ab25
SHA1

21d5360701e051eada68084e040c12d5fbacb0e1
SHA256

63eab86a00c7ad5f9c04b58edd89b2280be403ed3a439352c1f9fb9c12fb6a3f
SHA512

ae9c381c04b22d229dce13c01e7f778cb69c2bf6434683f62fa326451db135a8066809490c5a0ad68670fe3893d208e66057d39d970c089bea42bec79332383c
SSDEEP

768:impM8V/5Q1GuorD8lQbyVXbWiHCjMAnLVrxA6Oz1MxBX4xOHp7v:iajG6kJoiHCj/nLrxBcQ7v

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1952	2488	regsvr32.exe	28
PID 2488 wrote to memory of 1952	2488	regsvr32.exe	28
PID 2488 wrote to memory of 1952	2488	regsvr32.exe	28
PID 2488 wrote to memory of 1952	2488	regsvr32.exe	28
PID 2488 wrote to memory of 1952	2488	regsvr32.exe	28
PID 2488 wrote to memory of 1952	2488	regsvr32.exe	28
PID 2488 wrote to memory of 1952	2488	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\63de860aa776d6abe9c3f134f933ab25_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\63de860aa776d6abe9c3f134f933ab25_JaffaCakes118.dll
  2⤵
  PID:1952

memory/1952-0-0x00000000001A0000-0x00000000001B1000-memory.dmp

Filesize
68KB

Download