8bea068cd4eb1ff2c1abae78b3e9775d08992e94916649e388e1f70d930b73ff

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 09:59

Target

19b700d471ddf55b173bc2b6faf015e8_JaffaCakes118.dll
Size

91KB
MD5

19b700d471ddf55b173bc2b6faf015e8
SHA1

002056a62420f7310b50820f4f688443ac432082
SHA256

8bea068cd4eb1ff2c1abae78b3e9775d08992e94916649e388e1f70d930b73ff
SHA512

83b68f2bfb4bede308d5266ac8f010773f8a216d334607cda26ccbbde99909fac48adb750e95a6dd4d5dc54ebeb6ed2099d3eb40a60e42003f2c3b1cb6d2b318
SSDEEP

1536:lmoLIIWdNE9jv4LsFgIgUBlxg91mN0rnTwvph79Cur:02RWdNEp4LsiSl2J2l9CU

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1612-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 1612	1604	rundll32.exe	81
PID 1604 wrote to memory of 1612	1604	rundll32.exe	81
PID 1604 wrote to memory of 1612	1604	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19b700d471ddf55b173bc2b6faf015e8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19b700d471ddf55b173bc2b6faf015e8_JaffaCakes118.dll,#1
  2⤵
  PID:1612

memory/1612-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download