07bc5e19ccbd36b8eeffa11f084c8ec6cb06abaf2b5d0a27f84d0959c97f202a

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 05:30

Target

2f239a95e3714d5e56293c42f34d03e2_JaffaCakes118.dll
Size

53KB
MD5

2f239a95e3714d5e56293c42f34d03e2
SHA1

ba0ca7fcda13207706a97d0e816f1422e04b40fb
SHA256

07bc5e19ccbd36b8eeffa11f084c8ec6cb06abaf2b5d0a27f84d0959c97f202a
SHA512

fe8f79a1de3b84d12265d7eb35ddd58f5163e35227696d362baf4f446bf966a6234c8b4d8a4528f4e666598ca391e2fb53729e22c884b0ae49d7e743a25538c3
SSDEEP

1536:kjRUBHyxGnlZ6p0NXAsESSMgrv2etbIoteUy8Lax:kFUHlAIQn4Av2OIoBN2

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3688-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 3688	684	rundll32.exe	82
PID 684 wrote to memory of 3688	684	rundll32.exe	82
PID 684 wrote to memory of 3688	684	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f239a95e3714d5e56293c42f34d03e2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f239a95e3714d5e56293c42f34d03e2_JaffaCakes118.dll,#1
  2⤵
  PID:3688

memory/3688-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download