717017af9609e442028d0b360e5238769668de001bfa0372e02e49c9bab911ec

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 15:14

Target

fd0d050622e4454448c3200cedb5e8a9_JaffaCakes118.dll
Size

743KB
MD5

fd0d050622e4454448c3200cedb5e8a9
SHA1

c44b35665179a82f8909fcc5880b756a5bd4aa16
SHA256

717017af9609e442028d0b360e5238769668de001bfa0372e02e49c9bab911ec
SHA512

cb88edebdf6980390fd237c349e5c56b8d2ddc28d268cfae154a434e804a2911805292b84b665cfd00bd80e64577a7cad3be5ae05eff88ebcafaf1fb67cc6d0e
SSDEEP

12288:Tf68zjnT+2a8+p0/IARbJkale360zCA9JK7LdBzSZd6Z/+rXm5AQKa8/VyFcajNp:Tjjny2a8S0/1EaleYUKn2ZY2TmAQN0Vi

Score

7^/10

vmprotect

VMProtect packed file 5 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/2056-0-0x0000000001DE0000-0x0000000001F94000-memory.dmp	vmprotect
behavioral1/memory/2056-1-0x0000000001DE0000-0x0000000001F94000-memory.dmp	vmprotect
behavioral1/memory/2056-2-0x0000000001DE0000-0x0000000001F94000-memory.dmp	vmprotect
behavioral1/memory/2056-3-0x0000000001DE0000-0x0000000001F94000-memory.dmp	vmprotect
behavioral1/memory/2056-4-0x0000000001DE0000-0x0000000001F94000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2056	1368	rundll32.exe	28
PID 1368 wrote to memory of 2056	1368	rundll32.exe	28
PID 1368 wrote to memory of 2056	1368	rundll32.exe	28
PID 1368 wrote to memory of 2056	1368	rundll32.exe	28
PID 1368 wrote to memory of 2056	1368	rundll32.exe	28
PID 1368 wrote to memory of 2056	1368	rundll32.exe	28
PID 1368 wrote to memory of 2056	1368	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd0d050622e4454448c3200cedb5e8a9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd0d050622e4454448c3200cedb5e8a9_JaffaCakes118.dll,#1
  2⤵
  PID:2056

memory/2056-0-0x0000000001DE0000-0x0000000001F94000-memory.dmp

Filesize
1.7MB

Download
memory/2056-1-0x0000000001DE0000-0x0000000001F94000-memory.dmp

Filesize
1.7MB

Download
memory/2056-2-0x0000000001DE0000-0x0000000001F94000-memory.dmp

Filesize
1.7MB

Download
memory/2056-3-0x0000000001DE0000-0x0000000001F94000-memory.dmp

Filesize
1.7MB

Download
memory/2056-4-0x0000000001DE0000-0x0000000001F94000-memory.dmp

Filesize
1.7MB

Download