b52b34e9f43212f2001527d79f8294ba2ab6afa34b77d5e5c5a0d90d1b17cb88

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 05:53

Target

4070def72693b603ccf2dd99e8b174e8_JaffaCakes118.dll
Size

245KB
MD5

4070def72693b603ccf2dd99e8b174e8
SHA1

0941638b128597fe9329f73ed7b39b7746f092e9
SHA256

b52b34e9f43212f2001527d79f8294ba2ab6afa34b77d5e5c5a0d90d1b17cb88
SHA512

e3dbd7fd70bdf950f8e60217ae00a923f1eb684a1a02246b1d2161fb0f21fad37074a21289c301b52454361539d4391faaec06e1dfef75a077a5dfc338c51d2c
SSDEEP

6144:8ypjvMz83uvmutd6foGI5K27oHBTztb7cdPyaz:bzMvLdYoGI5d7oHBtsdPyaz

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3120-2-0x0000000010000000-0x00000000100A5000-memory.dmp	upx
behavioral2/memory/3120-3-0x0000000010000000-0x00000000100A5000-memory.dmp	upx
behavioral2/memory/3120-5-0x0000000010000000-0x00000000100A5000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3120	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 3120	4760	rundll32.exe	83
PID 4760 wrote to memory of 3120	4760	rundll32.exe	83
PID 4760 wrote to memory of 3120	4760	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4070def72693b603ccf2dd99e8b174e8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4070def72693b603ccf2dd99e8b174e8_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3120

memory/3120-0-0x0000000010000000-0x00000000100A5000-memory.dmp

Filesize
660KB

Download
memory/3120-1-0x00000000027C0000-0x00000000027FC000-memory.dmp

Filesize
240KB

Download
memory/3120-2-0x0000000010000000-0x00000000100A5000-memory.dmp

Filesize
660KB

Download
memory/3120-3-0x0000000010000000-0x00000000100A5000-memory.dmp

Filesize
660KB

Download
memory/3120-4-0x000000001006C000-0x00000000100A4000-memory.dmp

Filesize
224KB

Download
memory/3120-5-0x0000000010000000-0x00000000100A5000-memory.dmp

Filesize
660KB

Download