a0c25a35bc2212670f39c467dad6394ce8c460f722f8bd1a5023372354605c15

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 16:26

Target

270844aafc44e53084a004cf50d8cee5_JaffaCakes118.dll
Size

242KB
MD5

270844aafc44e53084a004cf50d8cee5
SHA1

1ed50648088c23b44f895912d03687581e39318c
SHA256

a0c25a35bc2212670f39c467dad6394ce8c460f722f8bd1a5023372354605c15
SHA512

78a00b72918b94d85958ccd5ed35d4cd310299a864459dff6b03b596c15db75600fd8884317779a0e5b2f3f0f257f675965279d1475d022cf5f4e43931ee81f3
SSDEEP

6144:0iNzVDWKVL8xhAA4Buj+IPQ7144ONWezM7uO:0Izc26hAcMSXMu

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4764-0-0x0000000010000000-0x0000000010083000-memory.dmp	upx
behavioral2/memory/4764-3-0x0000000010000000-0x0000000010083000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4764 set thread context of 2764	4764	rundll32.exe	84

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 4764	4444	rundll32.exe	82
PID 4444 wrote to memory of 4764	4444	rundll32.exe	82
PID 4444 wrote to memory of 4764	4444	rundll32.exe	82
PID 4764 wrote to memory of 2764	4764	rundll32.exe	84
PID 4764 wrote to memory of 2764	4764	rundll32.exe	84
PID 4764 wrote to memory of 2764	4764	rundll32.exe	84
PID 4764 wrote to memory of 2764	4764	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\270844aafc44e53084a004cf50d8cee5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\270844aafc44e53084a004cf50d8cee5_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4764
- - C:\Windows\SysWOW64\explorer.exe
    explorer.exe
    3⤵
    PID:2764

memory/2764-4-0x0000000000C40000-0x0000000000C80000-memory.dmp

Filesize
256KB

Download
memory/2764-5-0x0000000000C40000-0x0000000000C80000-memory.dmp

Filesize
256KB

Download
memory/4764-0-0x0000000010000000-0x0000000010083000-memory.dmp

Filesize
524KB

Download
memory/4764-3-0x0000000010000000-0x0000000010083000-memory.dmp

Filesize
524KB

Download