6e10f476232516aacf89e2541964b4ede1a33d6f7bcb24b448f4b323717248d8

Analysis

max time kernel
139s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 07:18

Target

03f6a8692f38d164d5a1b2db5c83f73d_JaffaCakes118.dll
Size

18KB
MD5

03f6a8692f38d164d5a1b2db5c83f73d
SHA1

76eb8fc4f92cb1c817dd3be78afc9905c26667a5
SHA256

6e10f476232516aacf89e2541964b4ede1a33d6f7bcb24b448f4b323717248d8
SHA512

0fc5de97a42a843cabe8c9cbf4a06a752887293d98a7af6d91587ed9c54a27eb18585908a42077a81e4fb95a192bb7bab39a1b281c0e88627b82b559686b7931
SSDEEP

384:zsTfdKRA2h5eZZPqwwhCUv+jjQS9kFjdmINTn:zs7iA2hwZMwwv4v9kFhF

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5040-1-0x0000000000350000-0x0000000000361000-memory.dmp	upx
behavioral2/memory/5040-0-0x0000000000350000-0x0000000000361000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 5040	456	rundll32.exe	83
PID 456 wrote to memory of 5040	456	rundll32.exe	83
PID 456 wrote to memory of 5040	456	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03f6a8692f38d164d5a1b2db5c83f73d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03f6a8692f38d164d5a1b2db5c83f73d_JaffaCakes118.dll,#1
  2⤵
  PID:5040

memory/5040-1-0x0000000000350000-0x0000000000361000-memory.dmp

Filesize
68KB

Download
memory/5040-0-0x0000000000350000-0x0000000000361000-memory.dmp

Filesize
68KB

Download