13e3e22af4025106db658bf31a23653c29f0f1492b7c1b388403b84904f400c8

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 21:51

Target

fb3de10a8f3cb5be24ea4fb6caf5dfd1_JaffaCakes118.dll
Size

17KB
MD5

fb3de10a8f3cb5be24ea4fb6caf5dfd1
SHA1

e3af799549b242302d3f8ddebdf343c911e68362
SHA256

13e3e22af4025106db658bf31a23653c29f0f1492b7c1b388403b84904f400c8
SHA512

5559d8b6999a87272f7da38231581544ea8f05ba4d77233142aca547576e0f846b8d739f107682a22632e555aa336edfd00c9ce86fff8239d865de9e88837eb2
SSDEEP

384:r2/qeFch4JwraofcJ39Qw7n7RnVI4j9dg/Qlsf2F2i:r+gr1cPQwBVIO9v/2

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4744-0-0x0000000010000000-0x000000001001A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 4744	1712	regsvr32.exe	86
PID 1712 wrote to memory of 4744	1712	regsvr32.exe	86
PID 1712 wrote to memory of 4744	1712	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fb3de10a8f3cb5be24ea4fb6caf5dfd1_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\fb3de10a8f3cb5be24ea4fb6caf5dfd1_JaffaCakes118.dll
  2⤵
  PID:4744

memory/4744-0-0x0000000010000000-0x000000001001A000-memory.dmp

Filesize
104KB

Download