3127d0933d87e19c6f5a25c6f0e738d1309da5f5f5314cd3d50f30505ab83ba9

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 17:13

Target

640ec0202573a7157b8aab0425b9040e_JaffaCakes118.dll
Size

97KB
MD5

640ec0202573a7157b8aab0425b9040e
SHA1

7a9bc36184eb3be8391b06723509750a20eb777a
SHA256

3127d0933d87e19c6f5a25c6f0e738d1309da5f5f5314cd3d50f30505ab83ba9
SHA512

45a342109843fd45f9650ef1c51e935bf49f00f305022a4d8ea38cc821720f2b650977871f26f45995f87d404e137cd88c93447b90888cfe8c87c17c540468ff
SSDEEP

1536:5MqzW7JoS7qxgY96riqT2KazWkokkkkkkotV74wooRa1rq4C:55OK1bzWkokkkkkkcVUwooRa1rx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 556	2204	regsvr32.exe	30
PID 2204 wrote to memory of 556	2204	regsvr32.exe	30
PID 2204 wrote to memory of 556	2204	regsvr32.exe	30
PID 2204 wrote to memory of 556	2204	regsvr32.exe	30
PID 2204 wrote to memory of 556	2204	regsvr32.exe	30
PID 2204 wrote to memory of 556	2204	regsvr32.exe	30
PID 2204 wrote to memory of 556	2204	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\640ec0202573a7157b8aab0425b9040e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\640ec0202573a7157b8aab0425b9040e_JaffaCakes118.dll
  2⤵
  PID:556

memory/556-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download