8754ac636fb9a50cee189581710aa1507090f9d8c2f7873b8f984bb6872af01f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 21:17

Target

616f00d0dc0126a825ee0ec4418b727e_JaffaCakes118.dll
Size

74KB
MD5

616f00d0dc0126a825ee0ec4418b727e
SHA1

6e15bc5ab4f679a4ec9807c62b4168fdd8186298
SHA256

8754ac636fb9a50cee189581710aa1507090f9d8c2f7873b8f984bb6872af01f
SHA512

49b08dbfe6a536b830acbbd09f6dd62a958977a6ed40f08cbdaaba07e4e99a30a2ef10d790e9c68c6b9a4aaa2979026ab2b6cf850331c1361fd8482092f326b0
SSDEEP

1536:yl3E0T3ZSe8Sv8/8Xj949epU5/tBjBBfnMAmMhf1h8yJVv:E39zLv8/8XZ4spKlBjpmaNJB

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4920-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 4920	4956	rundll32.exe	84
PID 4956 wrote to memory of 4920	4956	rundll32.exe	84
PID 4956 wrote to memory of 4920	4956	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\616f00d0dc0126a825ee0ec4418b727e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\616f00d0dc0126a825ee0ec4418b727e_JaffaCakes118.dll,#1
  2⤵
  PID:4920

memory/4920-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download