2e93163c799407315005d4d6e50089d0e4186b85f6e8c30ce1f33094c16d5927

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 12:26

Target

0e10f6db9f8072c4dc7d17aa5a11c0c2_JaffaCakes118.dll
Size

105KB
MD5

0e10f6db9f8072c4dc7d17aa5a11c0c2
SHA1

50829c657b3e9a70d5538bc4dfa06ad1fb8650a1
SHA256

2e93163c799407315005d4d6e50089d0e4186b85f6e8c30ce1f33094c16d5927
SHA512

42f9226de713cda6bceefb9892e416a7bda8501978abc866aa4a05001ad3fc6fae20fb39b0532f4f73a1faaa9fcb76c5f49b3ba28636c1298c9d8a46b55d811d
SSDEEP

1536:0RBNXdVNoK87xbs5dlTxACzBPFOIzQgVRLlZH+S7SmXcwhe/geolCAHjnOk+Pb/:0RBNXdAK87xbMdlTxAAPFbUgVRR7DhR0

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2648-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 2648	1188	rundll32.exe	82
PID 1188 wrote to memory of 2648	1188	rundll32.exe	82
PID 1188 wrote to memory of 2648	1188	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e10f6db9f8072c4dc7d17aa5a11c0c2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e10f6db9f8072c4dc7d17aa5a11c0c2_JaffaCakes118.dll,#1
  2⤵
  PID:2648

memory/2648-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download