49611d84235c077548f71306316ee89c55b8ac70b3ddf5c05e36523a4093f0a1

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 11:32

Target

3d33e297ca18de2255d0b41bac399526_JaffaCakes118.dll
Size

58KB
MD5

3d33e297ca18de2255d0b41bac399526
SHA1

89f702e5fea4f302928084e0cdc5b60271fd7408
SHA256

49611d84235c077548f71306316ee89c55b8ac70b3ddf5c05e36523a4093f0a1
SHA512

2a91fe26d464d32b361c0c63c907ea0ebca7db12e14e0fdae410df3c69fd741cf58fad435382453325b525513e0b0de3c03d540f8e3b3ec9776dab545b34bd95
SSDEEP

1536:qmmM0MXHOaLclJeyeI/zylRW48rSDzMYCNnuVCxC:QM1XuaLcbr/zWmrKQjNn+iC

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3480-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 3480	3648	rundll32.exe	83
PID 3648 wrote to memory of 3480	3648	rundll32.exe	83
PID 3648 wrote to memory of 3480	3648	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d33e297ca18de2255d0b41bac399526_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d33e297ca18de2255d0b41bac399526_JaffaCakes118.dll,#1
  2⤵
  PID:3480

memory/3480-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download