819b3b2f0fd1ddb82bc5d0e00469397c1d000a222e2783fb9c3bdc688cf98b44

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 02:21

Target

43e9208b39b877d15cd3c2397c2e9fd1_JaffaCakes118.dll
Size

276KB
MD5

43e9208b39b877d15cd3c2397c2e9fd1
SHA1

4325856dbc321774ea39a4cda6ec892d87ee7f62
SHA256

819b3b2f0fd1ddb82bc5d0e00469397c1d000a222e2783fb9c3bdc688cf98b44
SHA512

4b92cc4e17acc78873f2d6e9642f6eca4f73b7f99352e7301fcb4133a9ba03c6be3cb74a0fb24df3d7fe41fdde9f88b4240e64a1004fa413afaf42070f082dd9
SSDEEP

6144:AoOI3Xm8ES3/s3vInjF0/UpG/KxX3KThgPGhRoSO:tXmZS3OmFiUOKQhgyRoSO

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3020-0-0x0000000010000000-0x00000000100A3000-memory.dmp	upx
behavioral1/memory/3020-3-0x0000000010000000-0x00000000100A3000-memory.dmp	upx
behavioral1/memory/3020-2-0x0000000010000000-0x00000000100A3000-memory.dmp	upx
behavioral1/memory/3020-1-0x0000000010000000-0x00000000100A3000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 3020	3016	rundll32.exe	30
PID 3016 wrote to memory of 3020	3016	rundll32.exe	30
PID 3016 wrote to memory of 3020	3016	rundll32.exe	30
PID 3016 wrote to memory of 3020	3016	rundll32.exe	30
PID 3016 wrote to memory of 3020	3016	rundll32.exe	30
PID 3016 wrote to memory of 3020	3016	rundll32.exe	30
PID 3016 wrote to memory of 3020	3016	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43e9208b39b877d15cd3c2397c2e9fd1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\43e9208b39b877d15cd3c2397c2e9fd1_JaffaCakes118.dll,#1
  2⤵
  PID:3020

memory/3020-0-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/3020-3-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/3020-2-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/3020-1-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download