5455ab4503b8702176c82eb3847f93796820d9f011e0118ed5dfd787994a8d09

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 22:37

Target

0fc936ced17c344d46ee953096c75a62_JaffaCakes118.dll
Size

52KB
MD5

0fc936ced17c344d46ee953096c75a62
SHA1

b3f2043c4057560440d1d36279b9ad0a8a42cecd
SHA256

5455ab4503b8702176c82eb3847f93796820d9f011e0118ed5dfd787994a8d09
SHA512

8f7950df13f60e74234927003ef77c69ff4594c3edb1136244c0e1d64ace89bfecf4026e13c18ee23f487407fd50b8bc271b30281475974fb7013f90323639d1
SSDEEP

1536:+VZmwKJ3qHn+KEq7LOpena5PhAKnC3vl9i9Z4qUxgUzD:KkwF+KEq7LOkna5+KnlqYUzD

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1992-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1992	1740	rundll32.exe	28
PID 1740 wrote to memory of 1992	1740	rundll32.exe	28
PID 1740 wrote to memory of 1992	1740	rundll32.exe	28
PID 1740 wrote to memory of 1992	1740	rundll32.exe	28
PID 1740 wrote to memory of 1992	1740	rundll32.exe	28
PID 1740 wrote to memory of 1992	1740	rundll32.exe	28
PID 1740 wrote to memory of 1992	1740	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fc936ced17c344d46ee953096c75a62_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fc936ced17c344d46ee953096c75a62_JaffaCakes118.dll,#1
  2⤵
  PID:1992

memory/1992-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download