cf1b97465e67b3e62514150371a810e05950de3e1d4adf69bd8d3b030d1f8bd8 | Triage

Analysis

max time kernel
135s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2024 07:49

Sharing

Report Analysis Logs

General

Target

5fa0e4db04db1fada5c61cc74259c53a_JaffaCakes118.dll
Size

137KB
MD5

5fa0e4db04db1fada5c61cc74259c53a
SHA1

9ab83d6cdd3a9eb699acf7d0db93e4b8fb21180d
SHA256

cf1b97465e67b3e62514150371a810e05950de3e1d4adf69bd8d3b030d1f8bd8
SHA512

f91aa6d043700491e259d2c45233bc1bc7702b70ae5a1df0c54f99bab56f7b3bfa6315932efdd5a5c642d6ba04e898e13de522db50ffd067ff2d90e5da7ba229
SSDEEP

3072:6niXS4Rz+mbvUif3yRauPxshFUf8W9tr:TnYLiuauPxsRYt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3116-0-0x00000000757F0000-0x0000000075815000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 3116	1196	rundll32.exe	84
PID 1196 wrote to memory of 3116	1196	rundll32.exe	84
PID 1196 wrote to memory of 3116	1196	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fa0e4db04db1fada5c61cc74259c53a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fa0e4db04db1fada5c61cc74259c53a_JaffaCakes118.dll,#1
  2⤵
  PID:3116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3116-0-0x00000000757F0000-0x0000000075815000-memory.dmp

Filesize
148KB

Download