03adba231fdaa9d372f8baf17731d665d6d62724d74e80acfb5cd1f6d836053f

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 15:08

Target

072009a04c35629554e34482a204df0f_JaffaCakes118.dll
Size

49KB
MD5

072009a04c35629554e34482a204df0f
SHA1

065a1520895d53ba4e509ab2f585ae7a6dd331d7
SHA256

03adba231fdaa9d372f8baf17731d665d6d62724d74e80acfb5cd1f6d836053f
SHA512

16c52f9366c3d7d52908c070d4944c4816aaeeb5d5069c5b78ee3c75eda1ef8dda62933032a39dd0eb35b537aed97a774e6d47919ab5177c5cdd99c06d0eedca
SSDEEP

768:Ph2owsczgHZuiF6cmhBju7J6MzkyAvFboWwDkGcMXz03GXRZ/wuFz+c/m:PLczgHZuY6Nfu16MMNbbWcgz03enz+c+

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1924-0-0x0000000010000000-0x0000000010028000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 1924	2088	regsvr32.exe	28
PID 2088 wrote to memory of 1924	2088	regsvr32.exe	28
PID 2088 wrote to memory of 1924	2088	regsvr32.exe	28
PID 2088 wrote to memory of 1924	2088	regsvr32.exe	28
PID 2088 wrote to memory of 1924	2088	regsvr32.exe	28
PID 2088 wrote to memory of 1924	2088	regsvr32.exe	28
PID 2088 wrote to memory of 1924	2088	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\072009a04c35629554e34482a204df0f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\072009a04c35629554e34482a204df0f_JaffaCakes118.dll
  2⤵
  PID:1924

memory/1924-0-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download