b2f9cc14b87a2180345f52a061e64cfc08930cac72ccf788ce795c282264583f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 10:11

Target

ed2c9134219e6b6bb2000a042077012f_JaffaCakes118.dll
Size

185KB
MD5

ed2c9134219e6b6bb2000a042077012f
SHA1

c0777989c979aa6475640603c99a979019f79ba5
SHA256

b2f9cc14b87a2180345f52a061e64cfc08930cac72ccf788ce795c282264583f
SHA512

0166a50b3ff2ab10d06d2313aa404f828266712e83b69ebe2a19ff2cfebb174b1f6896b43e4790b039ec55451836826815627ec183d03c1b583eaa238a92633e
SSDEEP

3072:/xqiXUiyZUJT0OyO7TM6Whv9VMXT3YrCCiDLDRaeVarigDWZ1pP85KgAoutN:/xhkj+JT0x6ivHMj35PRRwrPWZ1pPPgc

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/764-0-0x0000000000640000-0x0000000000695000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4376	764	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 764	560	rundll32.exe	87
PID 560 wrote to memory of 764	560	rundll32.exe	87
PID 560 wrote to memory of 764	560	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed2c9134219e6b6bb2000a042077012f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed2c9134219e6b6bb2000a042077012f_JaffaCakes118.dll,#1
  2⤵
  PID:764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 560
    3⤵
    - Program crash
    PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 764 -ip 764
1⤵
PID:2556

memory/764-0-0x0000000000640000-0x0000000000695000-memory.dmp

Filesize
340KB

Download