8579a742c6d0beb81d3dbecebdfcb99fe85cd0938d8a28ab7fd987a041f15db5

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 21:12

Target

0f8b49bf40b618d5df243c7dc47b8317_JaffaCakes118.dll
Size

105KB
MD5

0f8b49bf40b618d5df243c7dc47b8317
SHA1

0df403fa0498d0b18efca91476c26c52eee9659f
SHA256

8579a742c6d0beb81d3dbecebdfcb99fe85cd0938d8a28ab7fd987a041f15db5
SHA512

8e508b1b66f5c3a6140507cc3968dc86816a444d544af15889bd826790da1c7a775f2a31ea286abd408910ce2444860f0a20b182ab92e7816c9ce44a5efb7bc0
SSDEEP

1536:TD6K271gp7DXHQ49A2qySdxWPyfq4KkIpLwbpdTfZYGyM0XGN4:TDGYLwwKxWwPhbpdTxUM34

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2272-0-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 2272	3816	rundll32.exe	80
PID 3816 wrote to memory of 2272	3816	rundll32.exe	80
PID 3816 wrote to memory of 2272	3816	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f8b49bf40b618d5df243c7dc47b8317_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f8b49bf40b618d5df243c7dc47b8317_JaffaCakes118.dll,#1
  2⤵
  PID:2272

memory/2272-0-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download