6816a91ce14512852220c1969de5a9c50d448e1094bd9d9218ab2d853d6924a1 | Triage

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 21:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4b7f93e1128375d2a402f9377646d239_JaffaCakes118.dll
Size

15KB
MD5

4b7f93e1128375d2a402f9377646d239
SHA1

2ada74bce60d38f496962a22ad9b929e73337057
SHA256

6816a91ce14512852220c1969de5a9c50d448e1094bd9d9218ab2d853d6924a1
SHA512

fe8e1e73db9b12da91f6e369394af2d2bceb1ec275cb7f44f85d92289474777c55ef0a8cd94df22aa9ee729e288f06db4f73a7455eca3ea1cd1269802603947a
SSDEEP

384:5CZcZq/feCUpm/FKSMWzt7qSeAV2nXWDXW:YZYIeCU2F3zNbQw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5796-0-0x0000000000400000-0x0000000000410000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 6084 wrote to memory of 5796	6084	rundll32.exe	86
PID 6084 wrote to memory of 5796	6084	rundll32.exe	86
PID 6084 wrote to memory of 5796	6084	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b7f93e1128375d2a402f9377646d239_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:6084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b7f93e1128375d2a402f9377646d239_JaffaCakes118.dll,#1
  2⤵
  PID:5796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5796-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download