23a35360d0e9ce954240a42bad3db4ff543ab3f5f94aeadf8428087d0e50cb3d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 10:49

Target

19d761169550c76079dccbb41b188b71_JaffaCakes118.dll
Size

47KB
MD5

19d761169550c76079dccbb41b188b71
SHA1

a5817af5afc5ab11b0c11a7a535cd6d7e1fd9ad6
SHA256

23a35360d0e9ce954240a42bad3db4ff543ab3f5f94aeadf8428087d0e50cb3d
SHA512

23bb53f828dc1c4d07d9f1b2d7c13f1364dc0ca0304f1d2824fc1c164e280f3f7b0c19970d2cdf577746d066917502c3ae6bef6c4db2d34e230f70fcb340dee1
SSDEEP

768:mSFMqQqH/Q0qCBK3plfPzLMh0O/TaNX9P9AnHveddbyc/j:xFMqdH/Q6Ul0j/2NhaKjj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1652 wrote to memory of 1696	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1696	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1696	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1696	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1696	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1696	1652	regsvr32.exe	regsvr32.exe
PID 1652 wrote to memory of 1696	1652	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\19d761169550c76079dccbb41b188b71_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1652

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\19d761169550c76079dccbb41b188b71_JaffaCakes118.dll
2⤵
PID:1696