c05a91ac3a023647fb6b68ba47e4c513907e9f30f19154d7000a53e282e85d34

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 23:42

Target

3f563c7ec4cb80ce47a97bf7998f8966_JaffaCakes118.dll
Size

2.1MB
MD5

3f563c7ec4cb80ce47a97bf7998f8966
SHA1

80549a3d769b1e468dc5500105cd7f7af1faa96f
SHA256

c05a91ac3a023647fb6b68ba47e4c513907e9f30f19154d7000a53e282e85d34
SHA512

a7721cae45787bd19b2c170cbc7dfab18b61ae1a882a92ca36bf2150dd7c3c9a1b26abc7c84e723385fbfd32e67ab3b16589182a50304e8fed0d2e88ae021a0c
SSDEEP

3072:Tmhww0bB+dWflLNCu4c9KFwb94Au/rzVRF:Tmyw0tLlLYuV9KOhu/vN

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2200-0-0x0000000010000000-0x000000001020F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2200	2368	rundll32.exe	30
PID 2368 wrote to memory of 2200	2368	rundll32.exe	30
PID 2368 wrote to memory of 2200	2368	rundll32.exe	30
PID 2368 wrote to memory of 2200	2368	rundll32.exe	30
PID 2368 wrote to memory of 2200	2368	rundll32.exe	30
PID 2368 wrote to memory of 2200	2368	rundll32.exe	30
PID 2368 wrote to memory of 2200	2368	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f563c7ec4cb80ce47a97bf7998f8966_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f563c7ec4cb80ce47a97bf7998f8966_JaffaCakes118.dll,#1
  2⤵
  PID:2200

memory/2200-0-0x0000000010000000-0x000000001020F000-memory.dmp

Filesize
2.1MB

Download
memory/2200-1-0x0000000010000000-0x000000001020F000-memory.dmp

Filesize
2.1MB

Download