9b4a9519e43357961ec1300411f824d1888d3740c6359cf843acce8fed4b1e5d

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 12:43

Target

f114cec1aacd1b83e6e276b2a0410a45_JaffaCakes118.dll
Size

17KB
MD5

f114cec1aacd1b83e6e276b2a0410a45
SHA1

094844feb782803078269ef1a72941ea72fd683e
SHA256

9b4a9519e43357961ec1300411f824d1888d3740c6359cf843acce8fed4b1e5d
SHA512

987e6ad25ab975819c79fc20b0fe3ae65e2e6ba8b176a3156fea04588fea3c7b134659fbc0b374d6783881ac8c9b77370ed375f8d768aced21306a927d20371e
SSDEEP

384:E+5Y3Czz0w0JG4bcWfipLMwS3gqYJO3aLn/GhmTXWDXW:TcXw0UwfiNrb1Lnym0

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2800-0-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2800-1-0x0000000000400000-0x0000000000411000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2800	2764	rundll32.exe	28
PID 2764 wrote to memory of 2800	2764	rundll32.exe	28
PID 2764 wrote to memory of 2800	2764	rundll32.exe	28
PID 2764 wrote to memory of 2800	2764	rundll32.exe	28
PID 2764 wrote to memory of 2800	2764	rundll32.exe	28
PID 2764 wrote to memory of 2800	2764	rundll32.exe	28
PID 2764 wrote to memory of 2800	2764	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f114cec1aacd1b83e6e276b2a0410a45_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f114cec1aacd1b83e6e276b2a0410a45_JaffaCakes118.dll,#1
  2⤵
  PID:2800

memory/2800-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2800-1-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download