d9bea7c191ef9e568530f3b13fe46223075a4cc65e1958710b24e93e78997166

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 21:24

Target

2969c147e21c756e1f41eae7c329b3e7_JaffaCakes118.dll
Size

50KB
MD5

2969c147e21c756e1f41eae7c329b3e7
SHA1

964288a346d8db3ee650d49e5194dfe55e8c16e2
SHA256

d9bea7c191ef9e568530f3b13fe46223075a4cc65e1958710b24e93e78997166
SHA512

c562bea9d595e15edf476397048ba76d362a4230d65e48dffb5e49d8767b0248d45dffa52b499f2cc1d023db2faa97290db89cda7252c21a1a81635f71247652
SSDEEP

1536:xZaO/kdsl2cCSwOb/q3vz/kwlu5eaAyPQ:xZj/iZcCSwOb/qDkwM3AyPQ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1924-0-0x0000000010000000-0x0000000010025000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1924	2028	rundll32.exe	28
PID 2028 wrote to memory of 1924	2028	rundll32.exe	28
PID 2028 wrote to memory of 1924	2028	rundll32.exe	28
PID 2028 wrote to memory of 1924	2028	rundll32.exe	28
PID 2028 wrote to memory of 1924	2028	rundll32.exe	28
PID 2028 wrote to memory of 1924	2028	rundll32.exe	28
PID 2028 wrote to memory of 1924	2028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2969c147e21c756e1f41eae7c329b3e7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2969c147e21c756e1f41eae7c329b3e7_JaffaCakes118.dll,#1
  2⤵
  PID:1924

memory/1924-0-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download