825f55e96c5caf26c6e88129b53d9e611028380248e13fcadf6043621e78a5d7

Analysis

max time kernel
133s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 00:59

Target

273f6d9321b7ca28cea827ff09ad3c28_JaffaCakes118.dll
Size

22KB
MD5

273f6d9321b7ca28cea827ff09ad3c28
SHA1

30c07d4e9ce00d06723d2ce8502715b824730207
SHA256

825f55e96c5caf26c6e88129b53d9e611028380248e13fcadf6043621e78a5d7
SHA512

264e89479c57090364ce7ff26dfa948637ea13bb27d471c82d94f824402fbc12dd6502189f395a2ba35cf70256294d27d1c4e08547ca58693e34fc6c2a1cae09
SSDEEP

384:Zf4L7zB2BfRKk32ADdtXQYE3rGUNqOC586qKWWtNxjALdiu3wYTX/:ZfhfMLmtXQYEhTCJw0AT397/

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1900-0-0x0000000000400000-0x0000000000415000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 1900	2288	rundll32.exe	84
PID 2288 wrote to memory of 1900	2288	rundll32.exe	84
PID 2288 wrote to memory of 1900	2288	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\273f6d9321b7ca28cea827ff09ad3c28_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\273f6d9321b7ca28cea827ff09ad3c28_JaffaCakes118.dll,#1
  2⤵
  PID:1900

memory/1900-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download