316cbc303f98550b7eb7819f1246671d24fc7b981e16619c6d41cf0bb1efda2e

Analysis

max time kernel
15s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 05:02

Target

44691ea6cbf94086962d91bc8a582594_JaffaCakes118.dll
Size

47KB
MD5

44691ea6cbf94086962d91bc8a582594
SHA1

12f61ed21a8e22d648d237ff7a57cd1ea5b27b86
SHA256

316cbc303f98550b7eb7819f1246671d24fc7b981e16619c6d41cf0bb1efda2e
SHA512

4bf8463ba05ecddbe483c82441015fa322fbbbfa184a1c252ad1ec22cd886330b4978c90fe7189245da4a0651d4c3ac941ab499f4c2ee1000e3f3312b5fadd5c
SSDEEP

768:yuUr3ip/IHI7NQTvrWWBE+DsYla1NrSUaMaXjMgP5MWjgWv1KkparlDGGMPQ:yl3E0TiWe78aYPJRxMGNkrlDYPQ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2364-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2364	2388	rundll32.exe	29
PID 2388 wrote to memory of 2364	2388	rundll32.exe	29
PID 2388 wrote to memory of 2364	2388	rundll32.exe	29
PID 2388 wrote to memory of 2364	2388	rundll32.exe	29
PID 2388 wrote to memory of 2364	2388	rundll32.exe	29
PID 2388 wrote to memory of 2364	2388	rundll32.exe	29
PID 2388 wrote to memory of 2364	2388	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44691ea6cbf94086962d91bc8a582594_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\44691ea6cbf94086962d91bc8a582594_JaffaCakes118.dll,#1
  2⤵
  PID:2364

memory/2364-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download