763af63f25ffe1f641815e8f344f051fcebf4cc012cea4e55e9043f60c8ee60d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 08:05

Target

21a3dfb612c2f5751c58ac68d8b0b1a3_JaffaCakes118.dll
Size

93KB
MD5

21a3dfb612c2f5751c58ac68d8b0b1a3
SHA1

487714e5d3668a6591584fea11c6bf331a4f6f37
SHA256

763af63f25ffe1f641815e8f344f051fcebf4cc012cea4e55e9043f60c8ee60d
SHA512

0fa2ae62c17b6bef72a60446dd6053cb74ce0a0cdb8bbc8c0fa48b7713ec98a260dee8db9f27d2ffdb1dd984e7519762046b7c8aa16b251b00f860f8b295327c
SSDEEP

1536:mYPmW58FmpcTEvp/yG8+MulScJvw2hEBpJprYPDihZ8jIHxzE6/LwPZsXnouy8O:LP158FucTEv9/8+DkcJmXxmDih+KzH//

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1472-1-0x0000000010000000-0x0000000010031000-memory.dmp	upx
behavioral1/memory/1472-0-0x0000000010000000-0x0000000010031000-memory.dmp	upx
behavioral1/memory/1472-2-0x0000000010000000-0x0000000010031000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1472	2040	rundll32.exe	28
PID 2040 wrote to memory of 1472	2040	rundll32.exe	28
PID 2040 wrote to memory of 1472	2040	rundll32.exe	28
PID 2040 wrote to memory of 1472	2040	rundll32.exe	28
PID 2040 wrote to memory of 1472	2040	rundll32.exe	28
PID 2040 wrote to memory of 1472	2040	rundll32.exe	28
PID 2040 wrote to memory of 1472	2040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21a3dfb612c2f5751c58ac68d8b0b1a3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21a3dfb612c2f5751c58ac68d8b0b1a3_JaffaCakes118.dll,#1
  2⤵
  PID:1472

memory/1472-1-0x0000000010000000-0x0000000010031000-memory.dmp

Filesize
196KB

Download
memory/1472-0-0x0000000010000000-0x0000000010031000-memory.dmp

Filesize
196KB

Download
memory/1472-3-0x0000000010000000-0x0000000010031000-memory.dmp

Filesize
196KB

Download
memory/1472-2-0x0000000010000000-0x0000000010031000-memory.dmp

Filesize
196KB

Download