44f16fc8664d56a67f332ff1bd7228454af200048753a72fc4b2ec2b76b46b06

Analysis

max time kernel
141s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240708-en
resource tags

arch:x64arch:x86image:win10v2004-20240708-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 17:30

Target

2d3604d8e3fdf1a059285f22b17fbd65_JaffaCakes118.dll
Size

238KB
MD5

2d3604d8e3fdf1a059285f22b17fbd65
SHA1

44ea802c57d13956471c2eb161b48773ece424e0
SHA256

44f16fc8664d56a67f332ff1bd7228454af200048753a72fc4b2ec2b76b46b06
SHA512

f92f5bf0a631b6a844f4cb3249375d392cdac1813abaec3ebf4aea0d7b49bdc7b318c6acb5476f23028a57f223084eb29c42778eba3f810febe6295a16a6667f
SSDEEP

6144:zBP69DyOgnm7X/eXxYoL5mDbALKDUxlyysjHQj:FJmZo4Rwj

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4480-0-0x0000000010000000-0x00000000100A4000-memory.dmp	upx
behavioral2/memory/4480-1-0x0000000010000000-0x00000000100A4000-memory.dmp	upx
behavioral2/memory/4480-5-0x0000000010000000-0x00000000100A4000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4480	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 4480	1948	rundll32.exe	80
PID 1948 wrote to memory of 4480	1948	rundll32.exe	80
PID 1948 wrote to memory of 4480	1948	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d3604d8e3fdf1a059285f22b17fbd65_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d3604d8e3fdf1a059285f22b17fbd65_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4480

memory/4480-0-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download
memory/4480-3-0x0000000002CE0000-0x0000000002D1A000-memory.dmp

Filesize
232KB

Download
memory/4480-2-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download
memory/4480-1-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download
memory/4480-4-0x000000001006C000-0x00000000100A3000-memory.dmp

Filesize
220KB

Download
memory/4480-5-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download