59fd470d1304f935d550d07a34c48347546bb813c9fb94c10c7d67ae6d48bedf

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 07:56

Target

66be0592f4d1bf66f28eb49836dad72b_JaffaCakes118.dll
Size

25KB
MD5

66be0592f4d1bf66f28eb49836dad72b
SHA1

3897dda01854ff7e8a0c4f733d46f970e68dffb6
SHA256

59fd470d1304f935d550d07a34c48347546bb813c9fb94c10c7d67ae6d48bedf
SHA512

0bea069bb5b5bafaed38a3868e3290be6b594c0609188cb718af8c83a46353046d9c5cb74239d08e877a4bd235636bd08e1dd92d5ebc82a37c3ca52915a59e77
SSDEEP

768:fh7GQbXKDFiEhQh1/g0JaCgSGQTm9PKwkKBQSo:fdLKg8+408CuIQRkKCl

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1688-0-0x0000000064180000-0x0000000064196000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 1688	2160	rundll32.exe	28
PID 2160 wrote to memory of 1688	2160	rundll32.exe	28
PID 2160 wrote to memory of 1688	2160	rundll32.exe	28
PID 2160 wrote to memory of 1688	2160	rundll32.exe	28
PID 2160 wrote to memory of 1688	2160	rundll32.exe	28
PID 2160 wrote to memory of 1688	2160	rundll32.exe	28
PID 2160 wrote to memory of 1688	2160	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66be0592f4d1bf66f28eb49836dad72b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66be0592f4d1bf66f28eb49836dad72b_JaffaCakes118.dll,#1
  2⤵
  PID:1688

memory/1688-2-0x0000000064180000-0x0000000064196000-memory.dmp

Filesize
88KB

Download
memory/1688-1-0x0000000064180000-0x0000000064196000-memory.dmp

Filesize
88KB

Download
memory/1688-0-0x0000000064180000-0x0000000064196000-memory.dmp

Filesize
88KB

Download