0272970d40895ae85b4af052073475781adcf1361c7bbc3f3c0157cfc6b8185d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 22:10

Target

36979f287b9fec715c482d33b3b7cc33_JaffaCakes118.dll
Size

72KB
MD5

36979f287b9fec715c482d33b3b7cc33
SHA1

8896113bbb0959eefac6bff64158e08ada789b1a
SHA256

0272970d40895ae85b4af052073475781adcf1361c7bbc3f3c0157cfc6b8185d
SHA512

737daa749c492bb19348a8f810953cf7f8bf408641ff412b1a384bcb4a7cad45ea5d16947813a81ce23d8348fa6bc84a3833fbf2df36984db1279ce856d476e1
SSDEEP

1536:MhBRVgrExucM9Ho2zyPmneqf+kfUWi0iEDQ2W6a+J7QFQeos5i:cRRsro2stqhfa0iNmbMFQeosQ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2400-0-0x0000000010000000-0x0000000010017000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2400	2864	rundll32.exe	30
PID 2864 wrote to memory of 2400	2864	rundll32.exe	30
PID 2864 wrote to memory of 2400	2864	rundll32.exe	30
PID 2864 wrote to memory of 2400	2864	rundll32.exe	30
PID 2864 wrote to memory of 2400	2864	rundll32.exe	30
PID 2864 wrote to memory of 2400	2864	rundll32.exe	30
PID 2864 wrote to memory of 2400	2864	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36979f287b9fec715c482d33b3b7cc33_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36979f287b9fec715c482d33b3b7cc33_JaffaCakes118.dll,#1
  2⤵
  PID:2400

memory/2400-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download