08e3a6fe295668b5a0c511f8274e41dfd1d64bd12e923bf87a66598a7700dddd

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 16:21

Target

5cb4b63985773a396ebc37891f169644_JaffaCakes118.dll
Size

76KB
MD5

5cb4b63985773a396ebc37891f169644
SHA1

cf6c78b65885d2702c3a8e8b65b79937d73cf819
SHA256

08e3a6fe295668b5a0c511f8274e41dfd1d64bd12e923bf87a66598a7700dddd
SHA512

4bb515e535bd1f442a255f8fa64a76b4eafafcd7a4d98fc5ba0a81a3695980a5f0397395873f5e76cf29633a4514eda577f8b66be9cf7070aaacc6ec5daef5cc
SSDEEP

1536:Bm1NGJVG6U9fL0LXk5YG6SsYryQGSSLud:kX0VZSYLXg56dayQGSSA

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3600-0-0x0000000010000000-0x0000000010013000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 3600	1312	rundll32.exe	84
PID 1312 wrote to memory of 3600	1312	rundll32.exe	84
PID 1312 wrote to memory of 3600	1312	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cb4b63985773a396ebc37891f169644_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cb4b63985773a396ebc37891f169644_JaffaCakes118.dll,#1
  2⤵
  PID:3600

memory/3600-0-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download