b62a361454b8afd1a79cf7a09ba8bc5a94cb43b312f9f8f1ed4f85739c762d60

Analysis

max time kernel
92s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 01:54

Target

32dd80188f4f9345c977e108eaee687b_JaffaCakes118.dll
Size

73KB
MD5

32dd80188f4f9345c977e108eaee687b
SHA1

4df6f09adbcc3766c308137ab1e3b32a6c8ee543
SHA256

b62a361454b8afd1a79cf7a09ba8bc5a94cb43b312f9f8f1ed4f85739c762d60
SHA512

d6febb67b5e68ed4e86b58b5fbd0787d853004bde8484e3114cbacb7809e1332c28eb5e0e89f02e29da7aa30ea8294aaed044a48f8040828b8ff4d9e90de06ab
SSDEEP

1536:qmmMHWxfB4TOAWMvdsN806XNjsUUiJ/Xe6vHgyeE7xrVp:QMHOaOt8WN80cWjilXe6vHN1xp

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4124-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 4124	1912	rundll32.exe	82
PID 1912 wrote to memory of 4124	1912	rundll32.exe	82
PID 1912 wrote to memory of 4124	1912	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\32dd80188f4f9345c977e108eaee687b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32dd80188f4f9345c977e108eaee687b_JaffaCakes118.dll,#1
  2⤵
  PID:4124

memory/4124-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download