2a19806819de12d32f274d34ac3b86ddf685792234a1939a29186c0375167d2e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 02:19

Target

43e83b9f1ea78568adfcf01210e367e2_JaffaCakes118.dll
Size

71KB
MD5

43e83b9f1ea78568adfcf01210e367e2
SHA1

ace1c0c4771826e63e580fa93327050ee6a72925
SHA256

2a19806819de12d32f274d34ac3b86ddf685792234a1939a29186c0375167d2e
SHA512

5c634abd5a95b6c5d94e42f332bc5802de1e86e04069173303fb4b64082cb02729f412c8512580245f015e399a910e6b2e1a29ed92e527deb842bab83b429028
SSDEEP

1536:aqu6uKyq95X/yKg4sQW/gYhdeLgegT38KpL3drEPBdnaTKCOLi8:Vuuyq3/yKg4N7YT8W5AJdaTo

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2348-0-0x0000000010000000-0x0000000010663000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2348	1988	rundll32.exe	31
PID 1988 wrote to memory of 2348	1988	rundll32.exe	31
PID 1988 wrote to memory of 2348	1988	rundll32.exe	31
PID 1988 wrote to memory of 2348	1988	rundll32.exe	31
PID 1988 wrote to memory of 2348	1988	rundll32.exe	31
PID 1988 wrote to memory of 2348	1988	rundll32.exe	31
PID 1988 wrote to memory of 2348	1988	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43e83b9f1ea78568adfcf01210e367e2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\43e83b9f1ea78568adfcf01210e367e2_JaffaCakes118.dll,#1
  2⤵
  PID:2348

memory/2348-0-0x0000000010000000-0x0000000010663000-memory.dmp

Filesize
6.4MB

Download