5e318270edfa4d39706ac8d941aed438baa5073713bb5b8138a3171db350ad08

Analysis

max time kernel
136s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 09:02

Target

5b456a6a32296a3fa0c35f3c6d25d299_JaffaCakes118.dll
Size

66KB
MD5

5b456a6a32296a3fa0c35f3c6d25d299
SHA1

a93452265381fabc8434a56e01586ae1f9737af4
SHA256

5e318270edfa4d39706ac8d941aed438baa5073713bb5b8138a3171db350ad08
SHA512

387bf1cfc6da22ff862d28d09c93a904c2616cc188a495b9fa28885b1a9c4aa5c2b6d6ee6c9e125f83beb581683bee47d433f6c14a50bd8bdb0b9d5c695be40b
SSDEEP

1536:evX4FfSGB5k6/6A98HE6FEa8CcVAgsoPOqD63gp:a4FfvB5kqTqHEWEhCqAgsomZwp

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3432-0-0x0000000010000000-0x000000001000C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 3432	2916	rundll32.exe	83
PID 2916 wrote to memory of 3432	2916	rundll32.exe	83
PID 2916 wrote to memory of 3432	2916	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b456a6a32296a3fa0c35f3c6d25d299_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b456a6a32296a3fa0c35f3c6d25d299_JaffaCakes118.dll,#1
  2⤵
  PID:3432

memory/3432-0-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download