1eb4a9577fc8ad0b0c03b0a2fe9faf5989ade53439ee7c1a2e589c0b272c8326

Analysis

max time kernel
143s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 17:43

Target

5cfd239ac020456b9abddbdebdbbdb72_JaffaCakes118.dll
Size

52KB
MD5

5cfd239ac020456b9abddbdebdbbdb72
SHA1

0c2fe8d3a585c41834fe2ee277b65ba0abf5794c
SHA256

1eb4a9577fc8ad0b0c03b0a2fe9faf5989ade53439ee7c1a2e589c0b272c8326
SHA512

d6741b0cb6b737bd699acb466b718ac35afaef0c00b9882718a2bdbadc9a8f160cb5e4d73c624cf6b71f14d4713f887bdbc2998ae07cb2667bfcb9d0a89f88a1
SSDEEP

768:nbY4lhLasGAZtCddsRTQvf9CJvu2GUbW3WWX0B/Ykdm2b9iNbhivc:EGgsxZtCwR8v1uv+UimY0wexRiCk

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2332-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2332	2044	rundll32.exe	84
PID 2044 wrote to memory of 2332	2044	rundll32.exe	84
PID 2044 wrote to memory of 2332	2044	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cfd239ac020456b9abddbdebdbbdb72_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cfd239ac020456b9abddbdebdbbdb72_JaffaCakes118.dll,#1
  2⤵
  PID:2332

memory/2332-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download