3a455da863a0066e6a270df6d5f37e044616174dd99156c2afc4666d18f91758

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 23:07

Target

472d076d75b12b42527a29e4e5596a4f_JaffaCakes118.dll
Size

56KB
MD5

472d076d75b12b42527a29e4e5596a4f
SHA1

3608fe6b147f9e654476d37aad249c1870581be1
SHA256

3a455da863a0066e6a270df6d5f37e044616174dd99156c2afc4666d18f91758
SHA512

9405ff6a84c38c9132db5b2275a641e718004174f0d56bff0271b65445917cc9b11e624241487bcbc634f1415507bd1f10e9b0b8ead216a6c78ccaac44968460
SSDEEP

1536:uaqqc/mgR2+wuUzLLcUEXfSeClB2pvuiCIb:ufqc/J2JzLLcUEqPQpvuE

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3024-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 3024	1968	rundll32.exe	30
PID 1968 wrote to memory of 3024	1968	rundll32.exe	30
PID 1968 wrote to memory of 3024	1968	rundll32.exe	30
PID 1968 wrote to memory of 3024	1968	rundll32.exe	30
PID 1968 wrote to memory of 3024	1968	rundll32.exe	30
PID 1968 wrote to memory of 3024	1968	rundll32.exe	30
PID 1968 wrote to memory of 3024	1968	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\472d076d75b12b42527a29e4e5596a4f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\472d076d75b12b42527a29e4e5596a4f_JaffaCakes118.dll,#1
  2⤵
  PID:3024

memory/3024-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download