70bdeb644e007d2614a77bb324677b112a87c942f709cfbaf115009a6194fba2

Analysis

max time kernel
147s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 11:39

Target

eafac62ce941b81ceceb80e72b9ef396_JaffaCakes118.exe
Size

1.3MB
MD5

eafac62ce941b81ceceb80e72b9ef396
SHA1

1329314cf8757035f59911ec33542a8d207d1c1e
SHA256

70bdeb644e007d2614a77bb324677b112a87c942f709cfbaf115009a6194fba2
SHA512

6b6f62b8a5c4b21a8556f912b871e454cffcb5ab7635c893a8084c2034434b0f61527df90192a59772b65da7dfde576f63e207fe5f5af90c0662380c54e948d1
SSDEEP

24576:LysTuCmbCeGlhY9lAZdLQpgeoRePrlwaDRhD3x1dcSFZ1/WhuWc:2sTJ0CeGlhY3+Lhar13BvcSjl/p

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3952	eafac62ce941b81ceceb80e72b9ef396_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3952	eafac62ce941b81ceceb80e72b9ef396_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/976-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023244-11.dat	upx
behavioral2/memory/3952-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
976	eafac62ce941b81ceceb80e72b9ef396_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
976	eafac62ce941b81ceceb80e72b9ef396_JaffaCakes118.exe
3952	eafac62ce941b81ceceb80e72b9ef396_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 3952	976	eafac62ce941b81ceceb80e72b9ef396_JaffaCakes118.exe	94
PID 976 wrote to memory of 3952	976	eafac62ce941b81ceceb80e72b9ef396_JaffaCakes118.exe	94
PID 976 wrote to memory of 3952	976	eafac62ce941b81ceceb80e72b9ef396_JaffaCakes118.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3960 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\eafac62ce941b81ceceb80e72b9ef396_JaffaCakes118.exe

Filesize
1.3MB

MD5
692cefe7d3f37e5998fafa725442f6cb

SHA1
79e576487488b7f818271c86fc266baac03705ec

SHA256
8d65ecbee88bb938ce4298f0ce34e04dd64b1afae2b2193112ce37fcb19d853d

SHA512
f6f989b9651ac19ff36327c2c0b9f22a6191c5935a6630163b7b9c05ce77bf0ca251311e59fd7c00e006aa5cf73fac3536f0dee6627448acb2bae18bfefafcf1

Download Submit
memory/976-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/976-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/976-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/976-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3952-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3952-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3952-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3952-20-0x00000000056A0000-0x00000000058CA000-memory.dmp

Filesize
2.2MB

Download
memory/3952-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3952-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download