a608b19f7dca71e21a4e9562c7fc8147a31efc5b7788cda7f7b936a87d0d210c

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 17:50

Target

46e098214278793ee04ac59628e3f0bf_JaffaCakes118.dll
Size

24KB
MD5

46e098214278793ee04ac59628e3f0bf
SHA1

89b3c09e5cebd86de573d07c2d42ff75631ed20c
SHA256

a608b19f7dca71e21a4e9562c7fc8147a31efc5b7788cda7f7b936a87d0d210c
SHA512

04264be1c762f7d4791c3fbbe9d5df8b79c3a5477e8fa059cb49c6da62c714de0e3900d6a636af3c9ca0b54a9523c84c32a50c18c9c339d546117954c1c819c9
SSDEEP

384:hTdCgJ3UVGS/UoOEGNLC+keZbxObyRH4aZKGYPo/gmTywoOTIT9o4gt8:hTdCFGpoOEGNLke91YiKxcTytOTw9os

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4628-0-0x0000000010000000-0x0000000010010000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 4628	2276	rundll32.exe	83
PID 2276 wrote to memory of 4628	2276	rundll32.exe	83
PID 2276 wrote to memory of 4628	2276	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46e098214278793ee04ac59628e3f0bf_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46e098214278793ee04ac59628e3f0bf_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628

memory/4628-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download