c4f700b894a666ef033d7d1ac13c16c6534d6760ca81bb44057172bcb1ee9455

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 04:55

Target

02f94638e348f2cf85884655dcb99f05_JaffaCakes118.dll
Size

15KB
MD5

02f94638e348f2cf85884655dcb99f05
SHA1

b3da065021de8b0fe66cc335993a106391d38ace
SHA256

c4f700b894a666ef033d7d1ac13c16c6534d6760ca81bb44057172bcb1ee9455
SHA512

0a822bc7e5a889fbc383423eb1fa791d157a0a5e35acd3be165a508f13c42ea11655b1ab680dec3ed4faf98ac33bfa8d76c0b8ad6b549f19aed4a7cc9b3e88ab
SSDEEP

192:zLvc/s0HIHV6XaRtwTOgYj9TnIQDLiyU61PKD4C25McV+srkqUAiQYha/tyXfJTi:Xk41tRxgg9r9n5V+sr5UAfChTJit

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1996-1-0x0000000010000000-0x000000001000E000-memory.dmp	upx
behavioral1/memory/1996-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 1996	1252	rundll32.exe	28
PID 1252 wrote to memory of 1996	1252	rundll32.exe	28
PID 1252 wrote to memory of 1996	1252	rundll32.exe	28
PID 1252 wrote to memory of 1996	1252	rundll32.exe	28
PID 1252 wrote to memory of 1996	1252	rundll32.exe	28
PID 1252 wrote to memory of 1996	1252	rundll32.exe	28
PID 1252 wrote to memory of 1996	1252	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\02f94638e348f2cf85884655dcb99f05_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\02f94638e348f2cf85884655dcb99f05_JaffaCakes118.dll,#1
  2⤵
  PID:1996

memory/1996-1-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1996-7-0x0000000010001000-0x000000001000A000-memory.dmp

Filesize
36KB

Download
memory/1996-6-0x000000001000D000-0x000000001000E000-memory.dmp

Filesize
4KB

Download
memory/1996-5-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1996-4-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1996-3-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1996-2-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1996-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download