2b4f3c1cea6927925ef883ee9f904c406be1ddd70f41018982f870343103a9c2

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 11:02

Target

3d1ad8981b35836d25bed1a032a848d4_JaffaCakes118.dll
Size

64KB
MD5

3d1ad8981b35836d25bed1a032a848d4
SHA1

fc36b7cad192450a9e44ed44db0122d1e43863a5
SHA256

2b4f3c1cea6927925ef883ee9f904c406be1ddd70f41018982f870343103a9c2
SHA512

c772fe04eae08292e71ae86b5ccba939f83dc76e5ca64949fd6fdc4c76a191794b15e546aab0134a762c818c4fc7e009e818206897b7e2335459d433bef7f5fc
SSDEEP

1536:3XcPE4lW2BBS+9i2XJBjHgKMvgufPPDz+b/Ba:30XBBDJAKMoIqa

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4736-0-0x0000000001EE0000-0x0000000001F16000-memory.dmp	upx
behavioral2/memory/4736-1-0x0000000001EE0000-0x0000000001F16000-memory.dmp	upx
behavioral2/memory/4736-2-0x0000000001EE0000-0x0000000001F16000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 4736	1244	rundll32.exe	83
PID 1244 wrote to memory of 4736	1244	rundll32.exe	83
PID 1244 wrote to memory of 4736	1244	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d1ad8981b35836d25bed1a032a848d4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d1ad8981b35836d25bed1a032a848d4_JaffaCakes118.dll,#1
  2⤵
  PID:4736

memory/4736-0-0x0000000001EE0000-0x0000000001F16000-memory.dmp

Filesize
216KB

Download
memory/4736-1-0x0000000001EE0000-0x0000000001F16000-memory.dmp

Filesize
216KB

Download
memory/4736-2-0x0000000001EE0000-0x0000000001F16000-memory.dmp

Filesize
216KB

Download