2103751b6483b3e146155c83f069be9fd19312da1f6c799b5af58df86d36926b

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 12:52

Target

3d74607c3ed2d07b1f3085b1cfc1d11b_JaffaCakes118.dll
Size

277KB
MD5

3d74607c3ed2d07b1f3085b1cfc1d11b
SHA1

3d192f5b34b1685d003053de72f0920192e38011
SHA256

2103751b6483b3e146155c83f069be9fd19312da1f6c799b5af58df86d36926b
SHA512

86b76b1f472497596a96b276cc31d258e15692ffd4887bc7209ba3d19630e0da14b34f1877cd590f1b8e1e1416b648242cab7ce1ee3ced2b28a5065b3524236d
SSDEEP

6144:x4OLYOXMmPGdQEUxk+Bm8J8VkQgEo0oLTFHPM0+Yc6612G0soSu:6OUOXM4GOxbBvJ8a5EotL5PM0+Yo12GA

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3032-0-0x0000000010000000-0x00000000100A3000-memory.dmp	upx
behavioral1/memory/3032-3-0x0000000010000000-0x00000000100A3000-memory.dmp	upx
behavioral1/memory/3032-2-0x0000000010000000-0x00000000100A3000-memory.dmp	upx
behavioral1/memory/3032-1-0x0000000010000000-0x00000000100A3000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 3032	1356	rundll32.exe	30
PID 1356 wrote to memory of 3032	1356	rundll32.exe	30
PID 1356 wrote to memory of 3032	1356	rundll32.exe	30
PID 1356 wrote to memory of 3032	1356	rundll32.exe	30
PID 1356 wrote to memory of 3032	1356	rundll32.exe	30
PID 1356 wrote to memory of 3032	1356	rundll32.exe	30
PID 1356 wrote to memory of 3032	1356	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d74607c3ed2d07b1f3085b1cfc1d11b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d74607c3ed2d07b1f3085b1cfc1d11b_JaffaCakes118.dll,#1
  2⤵
  PID:3032

memory/3032-0-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/3032-3-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/3032-2-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/3032-1-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download