a23c09c4357ab061504a9fc93aad47e2f982f26547b8f465591d60dd9032edfe

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 15:51

Target

355c3859c749b9275656850245b946ce_JaffaCakes118.dll
Size

93KB
MD5

355c3859c749b9275656850245b946ce
SHA1

dd241121756f3654d0920b8fd0850a6a2a13e0d4
SHA256

a23c09c4357ab061504a9fc93aad47e2f982f26547b8f465591d60dd9032edfe
SHA512

8a0bc06f4b0a568c8bece569880feb011945e8414b2bd856e560f940874551f8497dc872364e2acd436cddc8866f293c0fa5cfe7083a78659127c0e46efdbb42
SSDEEP

1536:Fmt4JCWNMCrMqXXTdZ8U1FEOSxqLH6LOgrL0LievCWeyfkQPAYZ8:ciJfNTrMqHTj1x56Lh4XvCW5IY

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2756-2-0x0000000074F70000-0x0000000074FA8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2756	2760	rundll32.exe	28
PID 2760 wrote to memory of 2756	2760	rundll32.exe	28
PID 2760 wrote to memory of 2756	2760	rundll32.exe	28
PID 2760 wrote to memory of 2756	2760	rundll32.exe	28
PID 2760 wrote to memory of 2756	2760	rundll32.exe	28
PID 2760 wrote to memory of 2756	2760	rundll32.exe	28
PID 2760 wrote to memory of 2756	2760	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\355c3859c749b9275656850245b946ce_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\355c3859c749b9275656850245b946ce_JaffaCakes118.dll,#1
  2⤵
  PID:2756

memory/2756-1-0x0000000074FC0000-0x0000000074FF8000-memory.dmp

Filesize
224KB

Download
memory/2756-0-0x0000000074FA0000-0x0000000074FD8000-memory.dmp

Filesize
224KB

Download
memory/2756-3-0x0000000074FB0000-0x0000000074FC3000-memory.dmp

Filesize
76KB

Download
memory/2756-2-0x0000000074F70000-0x0000000074FA8000-memory.dmp

Filesize
224KB

Download