3b431a0e63f9edb5edb6e0d419b309487833bbcff467c8a075d90702d3884ec7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 21:10

Target

366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll
Size

91KB
MD5

366508fbcaec3b8604a34bfe350b348c
SHA1

2d0ea3bac134b8dd81b72e923f42919278929d9b
SHA256

3b431a0e63f9edb5edb6e0d419b309487833bbcff467c8a075d90702d3884ec7
SHA512

1600056b17265a4b412526cfb36b55c426532cc17334ae25fc7482987dfccfc0ee7df35c3b85a23826fa7875d581605d60de681e30b8765145e5267bd32ac1fe
SSDEEP

1536:jpSyrn1CZZV1ErUuXippOn/gtbzMaofbuPgpjIti9wVaPQvC6X91eL:gyLSzErUuy6n/W6lpjIE9w0E1+

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2960-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3860 wrote to memory of 2960	3860	rundll32.exe	rundll32.exe
PID 3860 wrote to memory of 2960	3860	rundll32.exe	rundll32.exe
PID 3860 wrote to memory of 2960	3860	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3860

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll,#1
2⤵
PID:2960

memory/2960-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download