316cbc303f98550b7eb7819f1246671d24fc7b981e16619c6d41cf0bb1efda2e

Analysis

max time kernel
104s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 05:02

Target

44691ea6cbf94086962d91bc8a582594_JaffaCakes118.dll
Size

47KB
MD5

44691ea6cbf94086962d91bc8a582594
SHA1

12f61ed21a8e22d648d237ff7a57cd1ea5b27b86
SHA256

316cbc303f98550b7eb7819f1246671d24fc7b981e16619c6d41cf0bb1efda2e
SHA512

4bf8463ba05ecddbe483c82441015fa322fbbbfa184a1c252ad1ec22cd886330b4978c90fe7189245da4a0651d4c3ac941ab499f4c2ee1000e3f3312b5fadd5c
SSDEEP

768:yuUr3ip/IHI7NQTvrWWBE+DsYla1NrSUaMaXjMgP5MWjgWv1KkparlDGGMPQ:yl3E0TiWe78aYPJRxMGNkrlDYPQ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2600-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2600	3068	rundll32.exe	83
PID 3068 wrote to memory of 2600	3068	rundll32.exe	83
PID 3068 wrote to memory of 2600	3068	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44691ea6cbf94086962d91bc8a582594_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\44691ea6cbf94086962d91bc8a582594_JaffaCakes118.dll,#1
  2⤵
  PID:2600

memory/2600-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download