987fe67471379fc9e57ee9b3e2cbff58d9642cde2b79c921d27b7d34ab4d094b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 01:09

Target

37235d6cfb5252580075a44f97e68df3_JaffaCakes118.dll
Size

65KB
MD5

37235d6cfb5252580075a44f97e68df3
SHA1

e007b54179b27ec53130f1101d5a084f2efed9bb
SHA256

987fe67471379fc9e57ee9b3e2cbff58d9642cde2b79c921d27b7d34ab4d094b
SHA512

5537cc53d1cb0e412e2b5f5f5e4d1c57e785009b95a867fd54ed17e9237635beb2155ffab5eabd60719b7f02e43aa7888257f1a2e757b4af5db4fa6b1205b77f
SSDEEP

1536:5jRmO3A4xeLIQmbjwWXJ9L61gMgSK61QOV49dpYIlg:xfw4wsQmvrMgSK4ideUg

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2728-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2728	1888	rundll32.exe	30
PID 1888 wrote to memory of 2728	1888	rundll32.exe	30
PID 1888 wrote to memory of 2728	1888	rundll32.exe	30
PID 1888 wrote to memory of 2728	1888	rundll32.exe	30
PID 1888 wrote to memory of 2728	1888	rundll32.exe	30
PID 1888 wrote to memory of 2728	1888	rundll32.exe	30
PID 1888 wrote to memory of 2728	1888	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37235d6cfb5252580075a44f97e68df3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37235d6cfb5252580075a44f97e68df3_JaffaCakes118.dll,#1
  2⤵
  PID:2728

memory/2728-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download