6440fab1b210286e7d06655f40795b169717ac07ea7486b8d2b21df377889925

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 00:50

Target

182e5554362c8b375b51516d86bb96a5_JaffaCakes118.dll
Size

71KB
MD5

182e5554362c8b375b51516d86bb96a5
SHA1

f265e9a8d2e711a0346fcd582712b9b618f0d1ee
SHA256

6440fab1b210286e7d06655f40795b169717ac07ea7486b8d2b21df377889925
SHA512

c0e2fe7e973a970da07edc34673011a9609134cdcd8255acf1e16c2da5924a67fb2a360465477b6e73c80a125a9ca2d58af0740863c8e917cc0a0fe8889fa3b7
SSDEEP

1536:RVbkWTmYA6aVE4OeFN2bcBkIJ4k2A2RQALRgJpl:TQTYON2b8qfAkdt2pl

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2172-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2172	1644	rundll32.exe	28
PID 1644 wrote to memory of 2172	1644	rundll32.exe	28
PID 1644 wrote to memory of 2172	1644	rundll32.exe	28
PID 1644 wrote to memory of 2172	1644	rundll32.exe	28
PID 1644 wrote to memory of 2172	1644	rundll32.exe	28
PID 1644 wrote to memory of 2172	1644	rundll32.exe	28
PID 1644 wrote to memory of 2172	1644	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\182e5554362c8b375b51516d86bb96a5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\182e5554362c8b375b51516d86bb96a5_JaffaCakes118.dll,#1
  2⤵
  PID:2172

memory/2172-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download