b39f1122279b0191ecc7ca644f68e18f766da15e0cca50fb6ac55158c134e6d4

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 16:10

Target

079caff9493f2c8175c3ca4e2d64fc7d_JaffaCakes118.dll
Size

278KB
MD5

079caff9493f2c8175c3ca4e2d64fc7d
SHA1

e8773c5c8292cb59dc2b0f292ece7d6f0ba144d1
SHA256

b39f1122279b0191ecc7ca644f68e18f766da15e0cca50fb6ac55158c134e6d4
SHA512

7e67440b0e15dd89e9651fb537686e42c1b8fa4a52c06629c46fe756fb6fe2bb80665831a81c306a9092f82d742d0105e84502e431b44960e60f4feb935cd8b5
SSDEEP

6144:OX2hqNf4GoWfOxm18fN2DgR7xDBqkAvioSn:u2BGPmIEN4MNBqX6oSn

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1240-0-0x0000000010000000-0x00000000100A3000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1192	1240	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 1240	4508	rundll32.exe	82
PID 4508 wrote to memory of 1240	4508	rundll32.exe	82
PID 4508 wrote to memory of 1240	4508	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\079caff9493f2c8175c3ca4e2d64fc7d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\079caff9493f2c8175c3ca4e2d64fc7d_JaffaCakes118.dll,#1
  2⤵
  PID:1240
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 568
    3⤵
    - Program crash
    PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1240 -ip 1240
1⤵
PID:4564

memory/1240-0-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download