12db789012b013720fb523de590b37530133bac18585d4698053cab2626b3b63

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 17:14

Target

e7fdf1e6b5fe272443b305fdde093e9c_JaffaCakes118.exe
Size

2.9MB
MD5

e7fdf1e6b5fe272443b305fdde093e9c
SHA1

84d9bab571c7ecba8343eeb2e4957928624df9a4
SHA256

12db789012b013720fb523de590b37530133bac18585d4698053cab2626b3b63
SHA512

10ecfbafa8df7d9f01f9e77f6e369cbc195c302285dcb1560f6d271daecf743ed1ed2730c5511256d2ac9a4bc1068a06a6f1ac8b77a7268b0217a32d376d8d88
SSDEEP

49152:habTEzobVArJO/LYQND+UUWVN74NH5HUyNRcUsCVOzetdZJ:habx0O6YV4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
764	e7fdf1e6b5fe272443b305fdde093e9c_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
764	e7fdf1e6b5fe272443b305fdde093e9c_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4468-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x001000000002313b-11.dat	upx
behavioral2/memory/764-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4468	e7fdf1e6b5fe272443b305fdde093e9c_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4468	e7fdf1e6b5fe272443b305fdde093e9c_JaffaCakes118.exe
764	e7fdf1e6b5fe272443b305fdde093e9c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 764	4468	e7fdf1e6b5fe272443b305fdde093e9c_JaffaCakes118.exe	86
PID 4468 wrote to memory of 764	4468	e7fdf1e6b5fe272443b305fdde093e9c_JaffaCakes118.exe	86
PID 4468 wrote to memory of 764	4468	e7fdf1e6b5fe272443b305fdde093e9c_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\e7fdf1e6b5fe272443b305fdde093e9c_JaffaCakes118.exe

Filesize
2.9MB

MD5
4bae0da37007e552947b99a7a97319bb

SHA1
b1a5ddd2c7f0bc6431beae5d673ccf9e02729288

SHA256
b78bfa241cda19fc7875cc835ad4a42f69dc1e507786cea385d37981450bb022

SHA512
b7440d1957cca9eb34131a74ebcbd67ee0d43b8891f99e6f19ba924e2111a73fe049b0d1cb3ffdeff67cb9258ddbf4e49556cf7da891278cf2791ed22deeb37c

Download Submit
memory/764-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/764-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/764-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/764-20-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/764-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/764-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4468-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4468-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4468-2-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/4468-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download