9b4a9519e43357961ec1300411f824d1888d3740c6359cf843acce8fed4b1e5d

Analysis

max time kernel
107s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 12:43

Target

f114cec1aacd1b83e6e276b2a0410a45_JaffaCakes118.dll
Size

17KB
MD5

f114cec1aacd1b83e6e276b2a0410a45
SHA1

094844feb782803078269ef1a72941ea72fd683e
SHA256

9b4a9519e43357961ec1300411f824d1888d3740c6359cf843acce8fed4b1e5d
SHA512

987e6ad25ab975819c79fc20b0fe3ae65e2e6ba8b176a3156fea04588fea3c7b134659fbc0b374d6783881ac8c9b77370ed375f8d768aced21306a927d20371e
SSDEEP

384:E+5Y3Czz0w0JG4bcWfipLMwS3gqYJO3aLn/GhmTXWDXW:TcXw0UwfiNrb1Lnym0

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3292-0-0x00000000009B0000-0x00000000009C1000-memory.dmp	upx
behavioral2/memory/3292-1-0x00000000009B0000-0x00000000009C1000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 3292	1076	rundll32.exe	86
PID 1076 wrote to memory of 3292	1076	rundll32.exe	86
PID 1076 wrote to memory of 3292	1076	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f114cec1aacd1b83e6e276b2a0410a45_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f114cec1aacd1b83e6e276b2a0410a45_JaffaCakes118.dll,#1
  2⤵
  PID:3292

memory/3292-0-0x00000000009B0000-0x00000000009C1000-memory.dmp

Filesize
68KB

Download
memory/3292-1-0x00000000009B0000-0x00000000009C1000-memory.dmp

Filesize
68KB

Download