3294a24d11235ba91ba2b926cb311fcdcd969ab37a738c5fb1b966c883c93e65

Analysis

max time kernel
91s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 07:21

Target

3831c0500cb0d5d668750e095130f38b_JaffaCakes118.dll
Size

59KB
MD5

3831c0500cb0d5d668750e095130f38b
SHA1

c669cd8786fcf74abf9639e128b82f67cccb5940
SHA256

3294a24d11235ba91ba2b926cb311fcdcd969ab37a738c5fb1b966c883c93e65
SHA512

05b8934f62a20baaecc8470f9e43dbececedd38de59526e180cc67dfbc573a287ad3d94de69e36d10b41ad7f9d354bf9363c59c45023539986bee48f4d878548
SSDEEP

1536:kQfr0LgFGh9aZHFmm8iT4g7VDzL7VeeLEQ:kQfQLDaZ8m8NoLn1

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3952-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 3952	1952	rundll32.exe	83
PID 1952 wrote to memory of 3952	1952	rundll32.exe	83
PID 1952 wrote to memory of 3952	1952	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3831c0500cb0d5d668750e095130f38b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3831c0500cb0d5d668750e095130f38b_JaffaCakes118.dll,#1
  2⤵
  PID:3952

memory/3952-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download