0a7165078692a420d307c004e7c0522623c6b071b4f0ee6b2766d2e376898381

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 16:33

Target

63ef4786518a7c8812b538c030fb3e60_JaffaCakes118.dll
Size

71KB
MD5

63ef4786518a7c8812b538c030fb3e60
SHA1

ed042d3863c29eb5d750201ef7618dd9c3deca85
SHA256

0a7165078692a420d307c004e7c0522623c6b071b4f0ee6b2766d2e376898381
SHA512

22abb2240249a14b9796dc8c99a5d2115d3b972bf41007bdcea6d3f77a8a102d3df975f638aa27436daadf70f80e608c94b1495e3b51909ea8c6e98753f2acc9
SSDEEP

1536:n7ZLNPp9pZBMTxI3HDQEFSrP0gV8y6TfryKuMZv:7ZppEx0HDX9NTfryMZv

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2404-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 2404	556	rundll32.exe	84
PID 556 wrote to memory of 2404	556	rundll32.exe	84
PID 556 wrote to memory of 2404	556	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63ef4786518a7c8812b538c030fb3e60_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\63ef4786518a7c8812b538c030fb3e60_JaffaCakes118.dll,#1
  2⤵
  PID:2404

memory/2404-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download