419f8ee660796deabebccaa87f8570f9659c9e146eb57f14b4fcd935d3c8478f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 03:00

Target

3bbfca97d5333c8ee1874eddffc136d6_JaffaCakes118.dll
Size

69KB
MD5

3bbfca97d5333c8ee1874eddffc136d6
SHA1

1ee3ddad7013769d1260df2cf2dd2b645b478ea0
SHA256

419f8ee660796deabebccaa87f8570f9659c9e146eb57f14b4fcd935d3c8478f
SHA512

b4f9ca3b7bed85e7041dfb8648ed6c9be9da21cd23a41f44bd657ee75d1c3fda1a6ad2d4d6f15690ba00e09319861ac4f18bbb106ac3a35e447d49a9f563e1f4
SSDEEP

1536:guZdKfrjQ4t4ztAoCQIZfnCaxoVb8Wji67:JZgjZtqAogRn3yb8Wji

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/756-0-0x0000000002510000-0x000000000251E000-memory.dmp	upx
behavioral2/memory/756-4-0x0000000002510000-0x000000000251E000-memory.dmp	upx
behavioral2/memory/756-6-0x0000000002510000-0x000000000251E000-memory.dmp	upx
behavioral2/memory/756-3-0x0000000002510000-0x000000000251E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 756	5040	rundll32.exe	82
PID 5040 wrote to memory of 756	5040	rundll32.exe	82
PID 5040 wrote to memory of 756	5040	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bbfca97d5333c8ee1874eddffc136d6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bbfca97d5333c8ee1874eddffc136d6_JaffaCakes118.dll,#1
  2⤵
  PID:756

memory/756-0-0x0000000002510000-0x000000000251E000-memory.dmp

Filesize
56KB

Download
memory/756-4-0x0000000002510000-0x000000000251E000-memory.dmp

Filesize
56KB

Download
memory/756-6-0x0000000002510000-0x000000000251E000-memory.dmp

Filesize
56KB

Download
memory/756-5-0x0000000002500000-0x0000000002506000-memory.dmp

Filesize
24KB

Download
memory/756-3-0x0000000002510000-0x000000000251E000-memory.dmp

Filesize
56KB

Download