bcf3eca59caae28765f37cc9508bc66f56b3052ed0c85c56889cf65cee3bd180

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 19:03

Target

3e8389b1c5c68ddb50aee5c37230b10c_JaffaCakes118.dll
Size

65KB
MD5

3e8389b1c5c68ddb50aee5c37230b10c
SHA1

e08f418ade43fcd5d591bbcb2c7f73b1a5b165fa
SHA256

bcf3eca59caae28765f37cc9508bc66f56b3052ed0c85c56889cf65cee3bd180
SHA512

1dccea94a428766485f933baf6e05a45cb9f0983b74a47d2990f1dbf119913b6b805de4b8a71d8495c2e2e9decee2225ceb99db331108483283a7ebd335f7cb4
SSDEEP

1536:9ahOA6K5kj5K/sT20zFQ/Xfri66O8uwmaerdxMRSRt0++:dwA5ysq0oXTi66RmaoMRSRt0/

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3836-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 724 wrote to memory of 3836	724	rundll32.exe	83
PID 724 wrote to memory of 3836	724	rundll32.exe	83
PID 724 wrote to memory of 3836	724	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e8389b1c5c68ddb50aee5c37230b10c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e8389b1c5c68ddb50aee5c37230b10c_JaffaCakes118.dll,#1
  2⤵
  PID:3836

memory/3836-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download