dd1867269836db8c09fcc2d6cf6f561a7ad179dfb8d5a310e3f2f9ebdd0bb3cd

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 01:50

Target

65ae72d15f6ce840b54709c591d69c83_JaffaCakes118.dll
Size

82KB
MD5

65ae72d15f6ce840b54709c591d69c83
SHA1

171f9efef6a3d5671a8280feeabaa40e245dfe31
SHA256

dd1867269836db8c09fcc2d6cf6f561a7ad179dfb8d5a310e3f2f9ebdd0bb3cd
SHA512

07e501b0f4962703472b677a35516b37cafe320580ca8494e69eb9cf9b38d4d6a4bc7681f833c3810e34ae3dd7bb563af60590bbfe4e49d4b1e9b29c71fb5ebb
SSDEEP

1536:rM/yzsVCR3DFNhjFbVNiYGJ7FL/4DzzXghjYoQEootGuoh3AhFC9JUXOZP+kpxnZ:A/BVCR3RNhZbS7V/4DnXghksoZ3APSU4

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2244-0-0x0000000010000000-0x000000001002A000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2280	2244	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 2244	3436	rundll32.exe	84
PID 3436 wrote to memory of 2244	3436	rundll32.exe	84
PID 3436 wrote to memory of 2244	3436	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65ae72d15f6ce840b54709c591d69c83_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65ae72d15f6ce840b54709c591d69c83_JaffaCakes118.dll,#1
  2⤵
  PID:2244
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 560
    3⤵
    - Program crash
    PID:2280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2244 -ip 2244
1⤵
PID:1736

memory/2244-0-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download