cabff3f51eced31c94804ea093b51a227a19bb01754d6721bf0aa762fb1fcee4

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 11:47

Target

0854fb867c3011d456381f3efa9332b1_JaffaCakes118.dll
Size

44KB
MD5

0854fb867c3011d456381f3efa9332b1
SHA1

02311eff8c7d519a9f32f756e573d7cb79e61297
SHA256

cabff3f51eced31c94804ea093b51a227a19bb01754d6721bf0aa762fb1fcee4
SHA512

5d7d6cb90804e998520b6c8729e54fae5489ecdc28fb8fd268ea9908f7fa43f7b7ac2a74fd3fef851f82c78a22b9dc1d0b1eb399aca3ebb1205de848dc2051b0
SSDEEP

768:+RJ+xz8M1RmkB7IoXemMSDmaWbiocCaPhIgRcnhlJgjf+ZX0fGk2lgTr67:kYz8MDjumTfaifCLhXif+x6G1lgTrU

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1504-0-0x0000000010000000-0x000000001002A000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4804	1504	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 1504	736	rundll32.exe	83
PID 736 wrote to memory of 1504	736	rundll32.exe	83
PID 736 wrote to memory of 1504	736	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0854fb867c3011d456381f3efa9332b1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0854fb867c3011d456381f3efa9332b1_JaffaCakes118.dll,#1
  2⤵
  PID:1504
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 600
    3⤵
    - Program crash
    PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1504 -ip 1504
1⤵
PID:3012

memory/1504-0-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download