1f053d0bb10ba297218869a4562f5ff056fd29260e8b7f2f8b6ed53f5b2803c6

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 10:37

Target

673cd574bd6c143a6092358aa1a1c078_JaffaCakes118.dll
Size

47KB
MD5

673cd574bd6c143a6092358aa1a1c078
SHA1

e1e0564298bdee79a08b51cd086206b3d2a5b66e
SHA256

1f053d0bb10ba297218869a4562f5ff056fd29260e8b7f2f8b6ed53f5b2803c6
SHA512

614177473a7ea1da56e79360fc815746f614abe080db9bb9e50f51b326cfb582ced82f08ee03939773e52dbee1549b047691f4bb88f2c19c3ae25d444c44d9a7
SSDEEP

768:GbvLDaaMact8TRnHbttA6bZ1IuiJ5JpfnQfV1X82bWYW4qJKjmdj:evd7rnMug5JpfryWYdar

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/552-0-0x0000000010000000-0x000000001000C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 552	4088	rundll32.exe	84
PID 4088 wrote to memory of 552	4088	rundll32.exe	84
PID 4088 wrote to memory of 552	4088	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\673cd574bd6c143a6092358aa1a1c078_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\673cd574bd6c143a6092358aa1a1c078_JaffaCakes118.dll,#1
  2⤵
  PID:552

memory/552-0-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download