1797a251161bd137f1434f61fc0eb88037d36255678f6b937c97e65c6848cc62

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 14:17

Target

0901f3836dd0d15dc088dc6b750d1880_JaffaCakes118.dll
Size

144KB
MD5

0901f3836dd0d15dc088dc6b750d1880
SHA1

2a52291204cbb913740110210b35b31d8ba0be19
SHA256

1797a251161bd137f1434f61fc0eb88037d36255678f6b937c97e65c6848cc62
SHA512

be867bfe740b621a6faf7d8a6761121a64e58f8bc3e5f4e58df181990e6cbe26406e7d62c9c34820a850aef42b26517928e64e7dd2a6d453dfbb845644ea6ed5
SSDEEP

1536:c7JEbW2g8Hjy6r42B4nc8LijHrlmPodaFtiM/vlZu5AiBIIttPHpFr3:c0WAHLYLinlsod2cWKqIttP

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2416-0-0x0000000000160000-0x000000000016D000-memory.dmp	upx
behavioral1/memory/2416-4-0x0000000000160000-0x000000000016D000-memory.dmp	upx
behavioral1/memory/2416-3-0x0000000000160000-0x000000000016D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2416	1704	rundll32.exe	28
PID 1704 wrote to memory of 2416	1704	rundll32.exe	28
PID 1704 wrote to memory of 2416	1704	rundll32.exe	28
PID 1704 wrote to memory of 2416	1704	rundll32.exe	28
PID 1704 wrote to memory of 2416	1704	rundll32.exe	28
PID 1704 wrote to memory of 2416	1704	rundll32.exe	28
PID 1704 wrote to memory of 2416	1704	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0901f3836dd0d15dc088dc6b750d1880_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0901f3836dd0d15dc088dc6b750d1880_JaffaCakes118.dll,#1
  2⤵
  PID:2416

memory/2416-0-0x0000000000160000-0x000000000016D000-memory.dmp

Filesize
52KB

Download
memory/2416-4-0x0000000000160000-0x000000000016D000-memory.dmp

Filesize
52KB

Download
memory/2416-6-0x0000000000161000-0x0000000000166000-memory.dmp

Filesize
20KB

Download
memory/2416-5-0x0000000000166000-0x000000000016C000-memory.dmp

Filesize
24KB

Download
memory/2416-3-0x0000000000160000-0x000000000016D000-memory.dmp

Filesize
52KB

Download