320f84fc845aadb61d650e339d05e1de14a504080ed0d373016fcb45ad9c601c

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 21:16

Target

3abda972279f61c275c4f04f7dcbdda5_JaffaCakes118.dll
Size

61KB
MD5

3abda972279f61c275c4f04f7dcbdda5
SHA1

cf4cec92ebf8fbfee273dae1d3c36311cf29b6eb
SHA256

320f84fc845aadb61d650e339d05e1de14a504080ed0d373016fcb45ad9c601c
SHA512

f067840a5244219dda1b99284202939f61080db13d876ef3d04848d8e087bed3996dda2d393b1435daa293f108e595c69f5a2d1831a27bdbe5e7cbf24d4512ff
SSDEEP

1536:EGLj1u4y1XUlBD6i/Obwo2gbhKMLmzJc17Elm0Hn6L5y1:EGLj8DFg16sXuLmzu1om0Hb1

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4928-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 4928	4260	rundll32.exe	83
PID 4260 wrote to memory of 4928	4260	rundll32.exe	83
PID 4260 wrote to memory of 4928	4260	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3abda972279f61c275c4f04f7dcbdda5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3abda972279f61c275c4f04f7dcbdda5_JaffaCakes118.dll,#1
  2⤵
  PID:4928

memory/4928-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download