023c90732f6174ba520b438c9e53e07ca4de6168606936f5356f57d719521736

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 20:56

Target

262eaefb50c1edde14216d78edcdca32_JaffaCakes118.dll
Size

85KB
MD5

262eaefb50c1edde14216d78edcdca32
SHA1

779c8fd3010e595672b98aa8025b3ef3477ddcb0
SHA256

023c90732f6174ba520b438c9e53e07ca4de6168606936f5356f57d719521736
SHA512

55eff6bd992591f47e20eb8cad310701160895c47b7743f6acf213c8725d58a6c1e67786b772c152d4047f6d7904dc7e466b217ccd86e59679e369d05fcf3b4e
SSDEEP

1536:/xLK2OReR3CHmstaxpmJIdiqGIkFCabo+QWas:ZVOReRyHmswx0JEGIkxbAs

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2376-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2376	1936	rundll32.exe	28
PID 1936 wrote to memory of 2376	1936	rundll32.exe	28
PID 1936 wrote to memory of 2376	1936	rundll32.exe	28
PID 1936 wrote to memory of 2376	1936	rundll32.exe	28
PID 1936 wrote to memory of 2376	1936	rundll32.exe	28
PID 1936 wrote to memory of 2376	1936	rundll32.exe	28
PID 1936 wrote to memory of 2376	1936	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\262eaefb50c1edde14216d78edcdca32_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\262eaefb50c1edde14216d78edcdca32_JaffaCakes118.dll,#1
  2⤵
  PID:2376

memory/2376-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download