05ff46a16ab5c2d4571b42bde77d91c8cd21d86506d4ffe45ff8b0dd2b4a90b8

Analysis

max time kernel
92s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 09:49

Target

38a139f1f83df90138cff8597a81ecc4_JaffaCakes118.dll
Size

66KB
MD5

38a139f1f83df90138cff8597a81ecc4
SHA1

d795b34b85c3981a43c97f0bf1f212211b92984f
SHA256

05ff46a16ab5c2d4571b42bde77d91c8cd21d86506d4ffe45ff8b0dd2b4a90b8
SHA512

a9370a64bb902ea0e7287070feeef4432c74731e77780061cb097f0c7988b5c7180cf6dab08727d7a6bbee8441088614a45bead18bd60658fd94eb65a51b27c5
SSDEEP

1536:GQ3tfgXKgesXQ0B92HWi6PkWeC/YNWWmXeaX38oDbwuwPoodP:VfgXKIpB0HWbsWeC/CEXeQ3nDbJAoOP

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1644-0-0x0000000010000000-0x0000000010016000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 1644	1680	rundll32.exe	82
PID 1680 wrote to memory of 1644	1680	rundll32.exe	82
PID 1680 wrote to memory of 1644	1680	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38a139f1f83df90138cff8597a81ecc4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38a139f1f83df90138cff8597a81ecc4_JaffaCakes118.dll,#1
  2⤵
  PID:1644

memory/1644-0-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download