efc342fc2a3bb483cf059871d7f3fcd346daca2701fe1c13110ae2b80e6c3a0a

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 00:07

Target

61fc3bd4558304a6a21bc467d9f1ccba_JaffaCakes118.dll
Size

65KB
MD5

61fc3bd4558304a6a21bc467d9f1ccba
SHA1

96c6975f3c9eba1283a63d241ed9256edbc77a86
SHA256

efc342fc2a3bb483cf059871d7f3fcd346daca2701fe1c13110ae2b80e6c3a0a
SHA512

3e6e58f99bb305a9780cacee76c36c5bd341b9dc98ab249be925a3d07f7dd4acfe039fcada45dbf8e989485be85775304637aa7ba01d038052ee96d9a31f1024
SSDEEP

1536:NomNZnI+CQSrN3Nvn+0YCeS1t2trohFKoqv9jF/yMoE4RRyM:NooC+CpP+fiBehv9jslEORyM

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2228-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2228	2632	rundll32.exe	30
PID 2632 wrote to memory of 2228	2632	rundll32.exe	30
PID 2632 wrote to memory of 2228	2632	rundll32.exe	30
PID 2632 wrote to memory of 2228	2632	rundll32.exe	30
PID 2632 wrote to memory of 2228	2632	rundll32.exe	30
PID 2632 wrote to memory of 2228	2632	rundll32.exe	30
PID 2632 wrote to memory of 2228	2632	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61fc3bd4558304a6a21bc467d9f1ccba_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61fc3bd4558304a6a21bc467d9f1ccba_JaffaCakes118.dll,#1
  2⤵
  PID:2228

memory/2228-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download