9369fe22435465015b4f93c57fb35b7bbe3276bb1a71007478748f0f54eacb36

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 13:42

Target

41e98d39f067c426743a0990c9e2b358_JaffaCakes118.dll
Size

288KB
MD5

41e98d39f067c426743a0990c9e2b358
SHA1

84d37f6258b10c4250a3b0a9b12bc1ad20374210
SHA256

9369fe22435465015b4f93c57fb35b7bbe3276bb1a71007478748f0f54eacb36
SHA512

4476543d1edd5da74c815fea3ec5a6cac5d0c022889142d96542927f0fc10aee16a4801c7dde20e10535c726e94a3ecd581c6f26582bd96b26fb04455da419e5
SSDEEP

6144:ZAKyoS/E8AI1ftqOwqzxLkYuhAkEyZhGW5FYu77TwLn7v1G21OW:4LEaftqHqzJo/EyZP77nwL7v1GHW

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3088-0-0x0000000010000000-0x00000000100A2000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1304	3088	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 3088	2364	rundll32.exe	83
PID 2364 wrote to memory of 3088	2364	rundll32.exe	83
PID 2364 wrote to memory of 3088	2364	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41e98d39f067c426743a0990c9e2b358_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\41e98d39f067c426743a0990c9e2b358_JaffaCakes118.dll,#1
  2⤵
  PID:3088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 544
    3⤵
    - Program crash
    PID:1304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3088 -ip 3088
1⤵
PID:1300

memory/3088-0-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download