427a27aa785443bd0dacf75511ab57749afd02068c5c654f463a7ad7f52c4b03

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 07:50

Target

0d4480ad89d55265839d30fb9a3ed53c_JaffaCakes118.dll
Size

95KB
MD5

0d4480ad89d55265839d30fb9a3ed53c
SHA1

45977a5e1a023f860bac71a34623a7a51d3ad45b
SHA256

427a27aa785443bd0dacf75511ab57749afd02068c5c654f463a7ad7f52c4b03
SHA512

2fd45aa510c908ba89bdbdfcbcfdfb75b7ae75f1ace3cdb9d13513b3356bf3c0e9eede2258c2f85c9b008584cda08b8ccb828925e4ca8a5dd81f696d14aa9821
SSDEEP

1536:LmSQNbJE1vj8gDxkOg9Kphzr9s0gkB8OrneowxTx/lpa:LmFty1L8gDyOg9Kv9s0gkBJ9wxTxTa

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2348-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d4480ad89d55265839d30fb9a3ed53c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d4480ad89d55265839d30fb9a3ed53c_JaffaCakes118.dll,#1
  2⤵
  PID:2348

memory/2348-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download