b39f1122279b0191ecc7ca644f68e18f766da15e0cca50fb6ac55158c134e6d4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 16:10

Target

079caff9493f2c8175c3ca4e2d64fc7d_JaffaCakes118.dll
Size

278KB
MD5

079caff9493f2c8175c3ca4e2d64fc7d
SHA1

e8773c5c8292cb59dc2b0f292ece7d6f0ba144d1
SHA256

b39f1122279b0191ecc7ca644f68e18f766da15e0cca50fb6ac55158c134e6d4
SHA512

7e67440b0e15dd89e9651fb537686e42c1b8fa4a52c06629c46fe756fb6fe2bb80665831a81c306a9092f82d742d0105e84502e431b44960e60f4feb935cd8b5
SSDEEP

6144:OX2hqNf4GoWfOxm18fN2DgR7xDBqkAvioSn:u2BGPmIEN4MNBqX6oSn

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1156-0-0x0000000010000000-0x00000000100A3000-memory.dmp	upx
behavioral1/memory/1156-2-0x0000000010000000-0x00000000100A3000-memory.dmp	upx
behavioral1/memory/1156-1-0x0000000010000000-0x00000000100A3000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 1156	2384	rundll32.exe	28
PID 2384 wrote to memory of 1156	2384	rundll32.exe	28
PID 2384 wrote to memory of 1156	2384	rundll32.exe	28
PID 2384 wrote to memory of 1156	2384	rundll32.exe	28
PID 2384 wrote to memory of 1156	2384	rundll32.exe	28
PID 2384 wrote to memory of 1156	2384	rundll32.exe	28
PID 2384 wrote to memory of 1156	2384	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\079caff9493f2c8175c3ca4e2d64fc7d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\079caff9493f2c8175c3ca4e2d64fc7d_JaffaCakes118.dll,#1
  2⤵
  PID:1156

memory/1156-0-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/1156-2-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/1156-1-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download