0ca00b9611fdb5ca90f685bc0b920a78855c6288cd126199f60bdee37b4936e4

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 02:15

Target

f2753bce127bbee35a943ffc9e8cc27f_JaffaCakes118.dll
Size

67KB
MD5

f2753bce127bbee35a943ffc9e8cc27f
SHA1

fa15bd732c9ff34ba8a3c0430e57d041ef5241f5
SHA256

0ca00b9611fdb5ca90f685bc0b920a78855c6288cd126199f60bdee37b4936e4
SHA512

4d044568998a07e1a0586d359fa0a59c08af6fcabf2c41a4046fa76cdcc7e4bf7be097cc91d8e6a96457d15c1f7d85f1d6e64e4d25e04044ddcd739dddcf495c
SSDEEP

768:qrvM6DbZV7xwMmotOpiVVMZiWWztKZptHh2XkpkTDAiXc7zsTwGp5UtcaUTIRS:ovfYvpirL5tCXBYk9iX4IwGicnTIRS

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2720-0-0x0000000000760000-0x000000000076D000-memory.dmp	upx
behavioral1/memory/2720-4-0x0000000000760000-0x000000000076D000-memory.dmp	upx
behavioral1/memory/2720-5-0x0000000000760000-0x000000000076D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2753bce127bbee35a943ffc9e8cc27f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2753bce127bbee35a943ffc9e8cc27f_JaffaCakes118.dll,#1
  2⤵
  PID:2720

memory/2720-1-0x0000000000740000-0x0000000000746000-memory.dmp

Filesize
24KB

Download
memory/2720-0-0x0000000000760000-0x000000000076D000-memory.dmp

Filesize
52KB

Download
memory/2720-4-0x0000000000760000-0x000000000076D000-memory.dmp

Filesize
52KB

Download
memory/2720-5-0x0000000000760000-0x000000000076D000-memory.dmp

Filesize
52KB

Download
memory/2720-6-0x0000000000766000-0x000000000076C000-memory.dmp

Filesize
24KB

Download
memory/2720-7-0x0000000000761000-0x0000000000766000-memory.dmp

Filesize
20KB

Download