52d89d5259e43eccba9a246a505736cf5707f6a49f84167d310fb1eecbcf4f4b

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 23:45

Target

5e31c4bb4680345f9d50d8c3c63e4bba_JaffaCakes118.dll
Size

75KB
MD5

5e31c4bb4680345f9d50d8c3c63e4bba
SHA1

02b99c8dfb5f4b445db00f7482ae8a5bd465572a
SHA256

52d89d5259e43eccba9a246a505736cf5707f6a49f84167d310fb1eecbcf4f4b
SHA512

eb902608110283ac4ea7a3acef356a291322c5274749367559b1648644ccfa474494bee3059a899ea63de22a83dd81576fe7a6355fa17fb8b4f26de354a65cb5
SSDEEP

1536:lTESkEqKIri5P2ZYWZcqY266Z9Hb/nn13ysL/LlZiAJPPZWZKjBehTyJby:6SBk0PNWZJY26mHb/nYsLLHJPZ6gYhTr

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3616-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 3616	4904	rundll32.exe	84
PID 4904 wrote to memory of 3616	4904	rundll32.exe	84
PID 4904 wrote to memory of 3616	4904	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e31c4bb4680345f9d50d8c3c63e4bba_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e31c4bb4680345f9d50d8c3c63e4bba_JaffaCakes118.dll,#1
  2⤵
  PID:3616

memory/3616-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download