00a4a0274de9f77b37d02bd2183be46bf062adb49904940aa817ea0f5b5379c3

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 05:55

Target

14e74e11b55317f674dca864418f2570_JaffaCakes118.dll
Size

62KB
MD5

14e74e11b55317f674dca864418f2570
SHA1

d755607e92f44adcf1fda4834caa2323a828e2d4
SHA256

00a4a0274de9f77b37d02bd2183be46bf062adb49904940aa817ea0f5b5379c3
SHA512

383fad5c5016397f898d17ab809c2f5e86735fc72500324b73018efaefdd578cf831c6f74fe7a294e0d6cf6ce0544f12445f0677f34422d2ce3ff90836fcd3c5
SSDEEP

1536:S7fgeTpQoLMIRXinFHcCVfJVqBFChtDe:a3pDknFH5routDe

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2100-4-0x0000000000180000-0x000000000018E000-memory.dmp	upx
behavioral1/memory/2100-3-0x0000000000180000-0x000000000018E000-memory.dmp	upx
behavioral1/memory/2100-0-0x0000000000180000-0x000000000018E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2100	1032	rundll32.exe	28
PID 1032 wrote to memory of 2100	1032	rundll32.exe	28
PID 1032 wrote to memory of 2100	1032	rundll32.exe	28
PID 1032 wrote to memory of 2100	1032	rundll32.exe	28
PID 1032 wrote to memory of 2100	1032	rundll32.exe	28
PID 1032 wrote to memory of 2100	1032	rundll32.exe	28
PID 1032 wrote to memory of 2100	1032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14e74e11b55317f674dca864418f2570_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14e74e11b55317f674dca864418f2570_JaffaCakes118.dll,#1
  2⤵
  PID:2100

memory/2100-5-0x0000000000130000-0x0000000000136000-memory.dmp

Filesize
24KB

Download
memory/2100-7-0x0000000000181000-0x0000000000187000-memory.dmp

Filesize
24KB

Download
memory/2100-6-0x0000000000187000-0x000000000018D000-memory.dmp

Filesize
24KB

Download
memory/2100-4-0x0000000000180000-0x000000000018E000-memory.dmp

Filesize
56KB

Download
memory/2100-3-0x0000000000180000-0x000000000018E000-memory.dmp

Filesize
56KB

Download
memory/2100-0-0x0000000000180000-0x000000000018E000-memory.dmp

Filesize
56KB

Download