0942735a4556f8795167d8ec1a6cfc37d8760c9fa2af27f72260af089d73cc1d

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 11:57

Target

2160aff9e0583768f171d07e7c450034_JaffaCakes118.exe
Size

122KB
MD5

2160aff9e0583768f171d07e7c450034
SHA1

a3d40956151d0ac16d925bdd222e75ad426c965c
SHA256

0942735a4556f8795167d8ec1a6cfc37d8760c9fa2af27f72260af089d73cc1d
SHA512

040e3676fcc05ae154b0824dd2588e2d5ae35932c29729687f9c5cb8cb29dbb4e27d62322c8c5200944d8fa67824a95663acbc1d33b4e974b6a1ffcb770aa997
SSDEEP

3072:N9LdF/nOL0AQKxueKQ7n9o0T8LGrOgRe:N9LjnS0AjFKQW0TPOgR

Score

9^/10

Core1 .NET packer 1 IoCs

Detects packer/loader used by .NET malware.

resource	yara_rule
behavioral1/memory/1724-4-0x0000000000680000-0x00000000006A6000-memory.dmp	Core1

C:\Users\Admin\AppData\Local\Temp\2160aff9e0583768f171d07e7c450034_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2160aff9e0583768f171d07e7c450034_JaffaCakes118.exe"
1⤵
PID:1724

memory/1724-0-0x000000013FA30000-0x000000013FA52000-memory.dmp

Filesize
136KB

Download
memory/1724-1-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/1724-2-0x0000000000650000-0x0000000000680000-memory.dmp

Filesize
192KB

Download
memory/1724-3-0x000000001B5F0000-0x000000001B670000-memory.dmp

Filesize
512KB

Download
memory/1724-4-0x0000000000680000-0x00000000006A6000-memory.dmp

Filesize
152KB

Download
memory/1724-5-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download