bf026a1b15064637f08cd4685ede29d89c3b33c4563efb2a052e10a760b84f22

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 08:44

Target

27eff476bb98122a39fa229bab8a7d8a_JaffaCakes118.dll
Size

231KB
MD5

27eff476bb98122a39fa229bab8a7d8a
SHA1

2976b5e3f4475109afa4b1f76f34ecde5da929b0
SHA256

bf026a1b15064637f08cd4685ede29d89c3b33c4563efb2a052e10a760b84f22
SHA512

dee93f58089ad4482a0da13730533212fa5219ca4f3948bb18b7962121a3ef5d2cdc58db29c5282f5472881d9fc1895ec953aa96a93cb11174a542e0ca0933e3
SSDEEP

6144:Irpb3lGnO4DABXWWGR4bmzSbdehq2jwb5SwI5J:Irpb8nXkVRGR4bmupiq2k5e5J

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2416-0-0x0000000010000000-0x00000000100A4000-memory.dmp	upx
behavioral2/memory/2416-2-0x0000000010000000-0x00000000100A4000-memory.dmp	upx
behavioral2/memory/2416-1-0x0000000010000000-0x00000000100A4000-memory.dmp	upx
behavioral2/memory/2416-5-0x0000000010000000-0x00000000100A4000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2416	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2416	2356	rundll32.exe	80
PID 2356 wrote to memory of 2416	2356	rundll32.exe	80
PID 2356 wrote to memory of 2416	2356	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27eff476bb98122a39fa229bab8a7d8a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27eff476bb98122a39fa229bab8a7d8a_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2416

memory/2416-0-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download
memory/2416-3-0x00000000008D0000-0x0000000000909000-memory.dmp

Filesize
228KB

Download
memory/2416-2-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download
memory/2416-1-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download
memory/2416-5-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download
memory/2416-4-0x000000001006C000-0x00000000100A3000-memory.dmp

Filesize
220KB

Download