c9a7544e6ddbc44ed70e6e05b791f1a3ec1a753af46b19da450d36e87e668274

Analysis

max time kernel
95s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 10:25

Target

2bf9e787712b1d8762ed70f65ad9dc38_JaffaCakes118.dll
Size

63KB
MD5

2bf9e787712b1d8762ed70f65ad9dc38
SHA1

8779dcc45724f287557c87284bbdf6dff2c19952
SHA256

c9a7544e6ddbc44ed70e6e05b791f1a3ec1a753af46b19da450d36e87e668274
SHA512

8e510aa7855d8a4b3895afd66f2a3972883566a31febdc4184d2fb9cb0b58032e05bfc6fc0371f3fad5babe365e475173b664d820b5279bc0fda0797d6607400
SSDEEP

768:9xBtKtqyLUYtA7SoYUh9lsRjmxpnetESw2zV5aM7mfp1dvfxgZq46HLMw8ReKFmT:9CtgNNsepkLVUR146rl8VsBnSmgwYg

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4064-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 4064	5116	rundll32.exe	82
PID 5116 wrote to memory of 4064	5116	rundll32.exe	82
PID 5116 wrote to memory of 4064	5116	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bf9e787712b1d8762ed70f65ad9dc38_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bf9e787712b1d8762ed70f65ad9dc38_JaffaCakes118.dll,#1
  2⤵
  PID:4064

memory/4064-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download