46eb727b8f75c3f744ebd50fa83f4f09175b49e8997d52cb78a0cd24e5206178

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 17:52

Target

4ac3251930aa8d28be9d0f173e3de5b0_JaffaCakes118.dll
Size

62KB
MD5

4ac3251930aa8d28be9d0f173e3de5b0
SHA1

5e06f3e01431e35c5e4c134c70185ec968fa490d
SHA256

46eb727b8f75c3f744ebd50fa83f4f09175b49e8997d52cb78a0cd24e5206178
SHA512

c605908d19cc696a14489dfec1b2f7e83972f34bd536814fa248542eafb881e75652d824a71117142fb421265d460faaf2eeff0e81b8ffb1d224c7ecc45c2ffc
SSDEEP

768:pvx2CpXZZvaBJIf0gNR3Sl4FuCIoKQ6FrQ53X2I+mQd8Iyiq9dJH+MdmTUSxYg7v:P2cXZRfR144FM3QpGR8yeDdJ0qo

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2832-3-0x00000000001D0000-0x000000000021B000-memory.dmp	upx
behavioral1/memory/2832-2-0x00000000001D0000-0x000000000021B000-memory.dmp	upx
behavioral1/memory/2832-1-0x00000000001D0000-0x000000000021B000-memory.dmp	upx
behavioral1/memory/2832-0-0x00000000001D0000-0x000000000021B000-memory.dmp	upx
behavioral1/memory/2832-6-0x00000000001D0000-0x000000000021B000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2832	2752	rundll32.exe	30
PID 2752 wrote to memory of 2832	2752	rundll32.exe	30
PID 2752 wrote to memory of 2832	2752	rundll32.exe	30
PID 2752 wrote to memory of 2832	2752	rundll32.exe	30
PID 2752 wrote to memory of 2832	2752	rundll32.exe	30
PID 2752 wrote to memory of 2832	2752	rundll32.exe	30
PID 2752 wrote to memory of 2832	2752	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ac3251930aa8d28be9d0f173e3de5b0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ac3251930aa8d28be9d0f173e3de5b0_JaffaCakes118.dll,#1
  2⤵
  PID:2832

memory/2832-5-0x000000000020A000-0x000000000020B000-memory.dmp

Filesize
4KB

Download
memory/2832-4-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2832-3-0x00000000001D0000-0x000000000021B000-memory.dmp

Filesize
300KB

Download
memory/2832-2-0x00000000001D0000-0x000000000021B000-memory.dmp

Filesize
300KB

Download
memory/2832-1-0x00000000001D0000-0x000000000021B000-memory.dmp

Filesize
300KB

Download
memory/2832-0-0x00000000001D0000-0x000000000021B000-memory.dmp

Filesize
300KB

Download
memory/2832-6-0x00000000001D0000-0x000000000021B000-memory.dmp

Filesize
300KB

Download