77852eedc6431f6ebb59cbc6224491a1fe13ceafa1cc0f7306dc7837713bb218

Analysis

max time kernel
140s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 14:02

Target

67dc2532e403def779b8143b00ee4586_JaffaCakes118.dll
Size

51KB
MD5

67dc2532e403def779b8143b00ee4586
SHA1

d8abbcff93ac31cb61bee776c7205890d4a289d1
SHA256

77852eedc6431f6ebb59cbc6224491a1fe13ceafa1cc0f7306dc7837713bb218
SHA512

16f88986b4be6d2986139681c3b54e0a4e45bb486b34ab53bc89adbbfbe137b642478311dcdc4e1714793fbb4251c4d3b2b1b9c588595e6793d7ba7f21c4c5c5
SSDEEP

768:Oh+yDEMZzBf4ssfv7PJQfhbanF0YthQZjxG7NFAuHbgrUEPAp8mZ:ODoMdBXs37Picnl/yNcFEPAp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 3584	2576	regsvr32.exe	84
PID 2576 wrote to memory of 3584	2576	regsvr32.exe	84
PID 2576 wrote to memory of 3584	2576	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\67dc2532e403def779b8143b00ee4586_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\67dc2532e403def779b8143b00ee4586_JaffaCakes118.dll
  2⤵
  PID:3584