cabff3f51eced31c94804ea093b51a227a19bb01754d6721bf0aa762fb1fcee4

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 11:47

Target

0854fb867c3011d456381f3efa9332b1_JaffaCakes118.dll
Size

44KB
MD5

0854fb867c3011d456381f3efa9332b1
SHA1

02311eff8c7d519a9f32f756e573d7cb79e61297
SHA256

cabff3f51eced31c94804ea093b51a227a19bb01754d6721bf0aa762fb1fcee4
SHA512

5d7d6cb90804e998520b6c8729e54fae5489ecdc28fb8fd268ea9908f7fa43f7b7ac2a74fd3fef851f82c78a22b9dc1d0b1eb399aca3ebb1205de848dc2051b0
SSDEEP

768:+RJ+xz8M1RmkB7IoXemMSDmaWbiocCaPhIgRcnhlJgjf+ZX0fGk2lgTr67:kYz8MDjumTfaifCLhXif+x6G1lgTrU

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1216-0-0x0000000010000000-0x000000001002A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 1216	1512	rundll32.exe	28
PID 1512 wrote to memory of 1216	1512	rundll32.exe	28
PID 1512 wrote to memory of 1216	1512	rundll32.exe	28
PID 1512 wrote to memory of 1216	1512	rundll32.exe	28
PID 1512 wrote to memory of 1216	1512	rundll32.exe	28
PID 1512 wrote to memory of 1216	1512	rundll32.exe	28
PID 1512 wrote to memory of 1216	1512	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0854fb867c3011d456381f3efa9332b1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0854fb867c3011d456381f3efa9332b1_JaffaCakes118.dll,#1
  2⤵
  PID:1216

memory/1216-0-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download