d4766b6138aa61a0bcb631a215b01cd78f01ce960977e17ddf37ca7a53a8bb0a

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 23:52

Target

e8bb0d0d6768f14df52988e783707a93_JaffaCakes118.exe
Size

1.5MB
MD5

e8bb0d0d6768f14df52988e783707a93
SHA1

d24931ce573612e7bcb665dcbe2d2771c500b89f
SHA256

d4766b6138aa61a0bcb631a215b01cd78f01ce960977e17ddf37ca7a53a8bb0a
SHA512

20752d4587ef486f72f51f38ba2de1f284df35cde7f36284c7ca8d98c6cb79b4ae9b1441517a9a7dcdcfe83024bb012faee079aa7d5953ef2d8544e316c6035b
SSDEEP

24576:qs1Hg02INnJOX+VlJQn/Njohh+V5c1hTy+kUbLZ2h48vSVB+Xs5E6Vh9waIqlBUs:nFp2enJOXEM/V3nI3kUvUh4pVB+sE6fE

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1920	e8bb0d0d6768f14df52988e783707a93_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1920	e8bb0d0d6768f14df52988e783707a93_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4512-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000a0000000231f2-11.dat	upx
behavioral2/memory/1920-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4512	e8bb0d0d6768f14df52988e783707a93_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4512	e8bb0d0d6768f14df52988e783707a93_JaffaCakes118.exe
1920	e8bb0d0d6768f14df52988e783707a93_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 1920	4512	e8bb0d0d6768f14df52988e783707a93_JaffaCakes118.exe	86
PID 4512 wrote to memory of 1920	4512	e8bb0d0d6768f14df52988e783707a93_JaffaCakes118.exe	86
PID 4512 wrote to memory of 1920	4512	e8bb0d0d6768f14df52988e783707a93_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\e8bb0d0d6768f14df52988e783707a93_JaffaCakes118.exe

Filesize
1.5MB

MD5
49b784d73bb2b8f891e67632e98f0a9e

SHA1
57151638539e275fb9ac8c3ff790013e8bcf6f6c

SHA256
c1db18dcbbcaef9a1a3f5e3df35b90d8647ee827a571d97069d9529617e5cf97

SHA512
cf1879d476f8b9ac972d584b6f40793d0e34f325ffcb70070648987e1927c2955fbfea13e0f96db4720a44e1bd70f414d7fa619fac4d1b93b1618e661178f676

Download Submit
memory/1920-16-0x0000000001D80000-0x0000000001EB3000-memory.dmp

Filesize
1.2MB

Download
memory/1920-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1920-22-0x0000000005680000-0x00000000058AA000-memory.dmp

Filesize
2.2MB

Download
memory/1920-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1920-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1920-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4512-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4512-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4512-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4512-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download