d0da203339556fd9846ca70f2a2af1041633f1141a4ce6a55d911bcaf8ee1806

Analysis

max time kernel
92s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 12:25

Target

0e10cff50317e5edba410f97fb9c2c57_JaffaCakes118.dll
Size

275KB
MD5

0e10cff50317e5edba410f97fb9c2c57
SHA1

77ef0317fddfb710c685b7fbd0fb88a26d735e76
SHA256

d0da203339556fd9846ca70f2a2af1041633f1141a4ce6a55d911bcaf8ee1806
SHA512

fdb0d5f4b3b7a496774b706e41c77ea27eadeb8c8201acc303578f21b5625d3281c774510ffa1125815fdbf3d064bc5eb42007cc52f4a727954982fe9ce6d293
SSDEEP

6144:0XYIc1yFLBzMYi2uRD4ad5kHdMb1174QX6gksBcoSJ:lEFZM2FadW9BukNoSJ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3888-0-0x0000000010000000-0x00000000100A2000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3420	3888	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 3888	4844	rundll32.exe	80
PID 4844 wrote to memory of 3888	4844	rundll32.exe	80
PID 4844 wrote to memory of 3888	4844	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e10cff50317e5edba410f97fb9c2c57_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e10cff50317e5edba410f97fb9c2c57_JaffaCakes118.dll,#1
  2⤵
  PID:3888
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 568
    3⤵
    - Program crash
    PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3888 -ip 3888
1⤵
PID:4448

memory/3888-0-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download