85cdc415a613ab8954ea18a356c1e75799b7b7c05f75decf1fdba2bfc6a6c799

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 09:34

Target

3cd74166b0005b5bb6974207dd9c45ae_JaffaCakes118.dll
Size

57KB
MD5

3cd74166b0005b5bb6974207dd9c45ae
SHA1

341689307fe1eba49c2b8a933160fcdb99444b0c
SHA256

85cdc415a613ab8954ea18a356c1e75799b7b7c05f75decf1fdba2bfc6a6c799
SHA512

c47587296c79e47893bf3ce51b8022e4750f66c86f2194589f60c4a7c3bffe8c314a2e15a710a80453388bbc7e924954caddbbae9144ed38e5a6cbc44a57ed09
SSDEEP

1536:Z6yEOWXF+nUgICvMsBOF4lTpCvDzFfyxsk8q5/GA:Qc3SCviuTpCvDzFfyxOq5/GA

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3120-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 3120	3712	rundll32.exe	83
PID 3712 wrote to memory of 3120	3712	rundll32.exe	83
PID 3712 wrote to memory of 3120	3712	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cd74166b0005b5bb6974207dd9c45ae_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cd74166b0005b5bb6974207dd9c45ae_JaffaCakes118.dll,#1
  2⤵
  PID:3120

memory/3120-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download