53c06a087bbae421641a7de9998b784b1a186f3582695f24040a362228fff266

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 00:13

Target

6561c32fe0a1fb758cd74b6044e53896_JaffaCakes118.dll
Size

167KB
MD5

6561c32fe0a1fb758cd74b6044e53896
SHA1

3ef056ef73ff0e16fbeb62902b6648444cf8aff1
SHA256

53c06a087bbae421641a7de9998b784b1a186f3582695f24040a362228fff266
SHA512

026e2fad88c67a4d3c87b762b82714beb66d20072f9644e5b4ded24b6c0f6de25935afe2c0c1a0edcc3d58646656568fbccb9c3d140091ba74b344ca08666a91
SSDEEP

3072:qbZRB6cneosX68WkGoaKzgHHU63gUBbcrrGfR:4ZP6cetGFKcxcrr8R

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2408	1732	regsvr32.exe	29
PID 1732 wrote to memory of 2408	1732	regsvr32.exe	29
PID 1732 wrote to memory of 2408	1732	regsvr32.exe	29
PID 1732 wrote to memory of 2408	1732	regsvr32.exe	29
PID 1732 wrote to memory of 2408	1732	regsvr32.exe	29
PID 1732 wrote to memory of 2408	1732	regsvr32.exe	29
PID 1732 wrote to memory of 2408	1732	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6561c32fe0a1fb758cd74b6044e53896_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6561c32fe0a1fb758cd74b6044e53896_JaffaCakes118.dll
  2⤵
  PID:2408

memory/2408-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download