abbec808ba5fb32b75d7cb9482c173e7a1084cc20fc9523c920f2c09e1d55c4e

Analysis

max time kernel
139s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 04:13

Target

3bf2b61e7f5895859431af9b03adf749_JaffaCakes118.dll
Size

101KB
MD5

3bf2b61e7f5895859431af9b03adf749
SHA1

18763d50ddc68abba78d89afe40b21fd416e0f57
SHA256

abbec808ba5fb32b75d7cb9482c173e7a1084cc20fc9523c920f2c09e1d55c4e
SHA512

f25e8769040f622bafc6ed66e6da2c16af9bc7772c892f767be67c299edd7347e6c91e8bfe756d17c73a24750189afc15d8956317695d7c0512ee5cfe2ab5de6
SSDEEP

1536:LbfRsoNi6NO3xLE/9Ef2fAmFdQfg2fqf5KYhfPhJ9YMFqp:PsgO3KFKWtdQfZCf5KYXh0p

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2572-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 2572	4896	rundll32.exe	83
PID 4896 wrote to memory of 2572	4896	rundll32.exe	83
PID 4896 wrote to memory of 2572	4896	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bf2b61e7f5895859431af9b03adf749_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bf2b61e7f5895859431af9b03adf749_JaffaCakes118.dll,#1
  2⤵
  PID:2572

memory/2572-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download