3a96c096b72b0ac5e5f56f2470f82b2a80a0e9af576ac2464c301be84bebf6c0

Analysis

max time kernel
95s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 14:38

Target

2883a877a1406de058625ed99de496f6_JaffaCakes118.dll
Size

63KB
MD5

2883a877a1406de058625ed99de496f6
SHA1

3ea0ac735a3bf22735e6eefc165dfe6e34c44e88
SHA256

3a96c096b72b0ac5e5f56f2470f82b2a80a0e9af576ac2464c301be84bebf6c0
SHA512

f69d1ad1d94747b3cf92366d6a9822041d372c131cec1e18a5e96e153f1dee78a5053634c11413abed5e112ad4a8387ec242350300f85688dabe8af4b22c4b5f
SSDEEP

1536:yHZ33QxeksxOshzPaSl8+mjSdjg3UlrwvVJ:yHNQxeVxOsdaWSEmvVJ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4540-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 4540	3696	rundll32.exe	82
PID 3696 wrote to memory of 4540	3696	rundll32.exe	82
PID 3696 wrote to memory of 4540	3696	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2883a877a1406de058625ed99de496f6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2883a877a1406de058625ed99de496f6_JaffaCakes118.dll,#1
  2⤵
  PID:4540

memory/4540-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download