450e80864e339574989ba043fb948b743efe17cdec586b55d457910cbec2b049

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 03:43

Target

2add750b454474769a6150b8539925f7_JaffaCakes118.dll
Size

243KB
MD5

2add750b454474769a6150b8539925f7
SHA1

78338fd0d097e73166f343b4ae92742e41112264
SHA256

450e80864e339574989ba043fb948b743efe17cdec586b55d457910cbec2b049
SHA512

4d746b2f1873e6392585b139eea4be6d70526b20d8a1abd419053d0cc1eb2d1d1194f860a35e2c4bd2496b04a67c880703bb8fcef6b51da131c0365202390f9d
SSDEEP

6144:0xBZku30ZV7g+EBZCwXR4cUYOqy0hWOHbH9xru1YyDyJdr6D:ukuGlwXR9jOqyEWOHbH9duCyyrs

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4372-3-0x0000000010000000-0x00000000100A5000-memory.dmp	upx
behavioral2/memory/4372-2-0x0000000010000000-0x00000000100A5000-memory.dmp	upx
behavioral2/memory/4372-5-0x0000000010000000-0x00000000100A5000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4372	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 4372	2996	rundll32.exe	82
PID 2996 wrote to memory of 4372	2996	rundll32.exe	82
PID 2996 wrote to memory of 4372	2996	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2add750b454474769a6150b8539925f7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2add750b454474769a6150b8539925f7_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4372

memory/4372-1-0x0000000002BB0000-0x0000000002BEB000-memory.dmp

Filesize
236KB

Download
memory/4372-0-0x0000000010000000-0x00000000100A5000-memory.dmp

Filesize
660KB

Download
memory/4372-3-0x0000000010000000-0x00000000100A5000-memory.dmp

Filesize
660KB

Download
memory/4372-2-0x0000000010000000-0x00000000100A5000-memory.dmp

Filesize
660KB

Download
memory/4372-5-0x0000000010000000-0x00000000100A5000-memory.dmp

Filesize
660KB

Download
memory/4372-4-0x000000001006C000-0x00000000100A4000-memory.dmp

Filesize
224KB

Download