1c8c577aabc83ddb3399e17a495c68bfb1656609e6529e44acf4c9f97c67af43

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 19:36

Target

611e82b6a2cd04c478863f292d339736_JaffaCakes118.dll
Size

58KB
MD5

611e82b6a2cd04c478863f292d339736
SHA1

4cff3f3cf0d90962f12a6222e096c3c15bfd241d
SHA256

1c8c577aabc83ddb3399e17a495c68bfb1656609e6529e44acf4c9f97c67af43
SHA512

fee6faed59cba8fc248582303eea81d490a21067f19913317afd0e70edcad871064fb2cdc3e3fbc3cbab7a78ca67a7b3b375185e58198ef2213e484ae0944816
SSDEEP

1536:Mq/JmJSP8yKh56cPx13R0yDoeOxFB+ilAFDRQ:z/JmJSP8yKh5NPBN2DB+ilABRQ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4068-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 4068	640	rundll32.exe	84
PID 640 wrote to memory of 4068	640	rundll32.exe	84
PID 640 wrote to memory of 4068	640	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\611e82b6a2cd04c478863f292d339736_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\611e82b6a2cd04c478863f292d339736_JaffaCakes118.dll,#1
  2⤵
  PID:4068

memory/4068-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download