6938215029fecc79b97ea58aaa33d721e7078af9b14aa8cc848d55aed653a7e2

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 01:55

Target

e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe
Size

2.7MB
MD5

e8f2cdcc41071630c65f958d688e75a4
SHA1

22d4166c277d50e338b2c1432720f91ceb7eed57
SHA256

6938215029fecc79b97ea58aaa33d721e7078af9b14aa8cc848d55aed653a7e2
SHA512

7aae273b1e04ab510818886b67d6f763267e81b102ecbb8b8a4f07c7f798475cf8b5b175cc9135769e016d84653a20b8b582881b6c198781c9f507826f8e5e9f
SSDEEP

49152:51zajJPlAaWvlkgC3VXpKLXl5FOfo/1LpLBfIlcDC4V38rzRGbW0l5H0RwKMMp:KjhM67KnsWLpLBA+C62zR2H0iKMMp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2908	e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2908	e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
2660	e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2660-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d00000001224c-10.dat	upx
behavioral1/memory/2660-14-0x0000000003630000-0x0000000003B1F000-memory.dmp	upx
behavioral1/memory/2908-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2660	e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2660	e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe
2908	e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2908	2660	e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe	28
PID 2660 wrote to memory of 2908	2660	e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe	28
PID 2660 wrote to memory of 2908	2660	e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe	28
PID 2660 wrote to memory of 2908	2660	e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe	28

\Users\Admin\AppData\Local\Temp\e8f2cdcc41071630c65f958d688e75a4_JaffaCakes118.exe

Filesize
2.7MB

MD5
bbadb8e84b53020949e33559cb57d0ba

SHA1
c4cc3ecdb4335fbfcd85529d9df939a7f6cae81f

SHA256
84ed83fe8035cee259e3de418ad3049816bb106413a4803c648334ddbe3f30e7

SHA512
a1ce918fa308c72a71fb7b77dc54ea4c56c0bf33df37601da7de79a9357b5542ea56e55a58b50399fde9443ce654795a5a6588d8e925378c803d9691174e3b28

Download Submit
memory/2660-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2660-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2660-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2660-14-0x0000000003630000-0x0000000003B1F000-memory.dmp

Filesize
4.9MB

Download
memory/2660-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2908-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2908-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2908-18-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2908-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2908-24-0x0000000003510000-0x000000000373A000-memory.dmp

Filesize
2.2MB

Download
memory/2908-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download