8ef938ef0cbea42f80544663afc170d51c3cef2b97859039f16a788e82b6ba0a

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 09:29

Target

ed19c0c8e92390702a5558d7b0f5ea82_JaffaCakes118.exe
Size

11.7MB
MD5

ed19c0c8e92390702a5558d7b0f5ea82
SHA1

10fefebcc3a8e5da8c6b7bb4c6a34fff0da8a5b2
SHA256

8ef938ef0cbea42f80544663afc170d51c3cef2b97859039f16a788e82b6ba0a
SHA512

a4c2272c9e6a5aa37c8e842a20055a2f8c1fc01ccab39907c1115e8dc2c34e17fee6c74752b0e03e1277a0d2a30646d9b458705d04586dcee7849f4b963687ff
SSDEEP

196608:RsXR8Lgl/iBiPY7xtxFgl/iBiPKAt1Mc3Mgl/iBiPY7xtxFgl/iBiP:WmL2iVxN2ivn2iVxN2i

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3792	ed19c0c8e92390702a5558d7b0f5ea82_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3792	ed19c0c8e92390702a5558d7b0f5ea82_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/572-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/3792-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023205-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
572	ed19c0c8e92390702a5558d7b0f5ea82_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
572	ed19c0c8e92390702a5558d7b0f5ea82_JaffaCakes118.exe
3792	ed19c0c8e92390702a5558d7b0f5ea82_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 572 wrote to memory of 3792	572	ed19c0c8e92390702a5558d7b0f5ea82_JaffaCakes118.exe	83
PID 572 wrote to memory of 3792	572	ed19c0c8e92390702a5558d7b0f5ea82_JaffaCakes118.exe	83
PID 572 wrote to memory of 3792	572	ed19c0c8e92390702a5558d7b0f5ea82_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\ed19c0c8e92390702a5558d7b0f5ea82_JaffaCakes118.exe

Filesize
11.7MB

MD5
6c34abef9befbe7ccb07099bb30395c8

SHA1
c0052197827cfb9ac12d89b3cad074914f07eacc

SHA256
8e2ea2a004a880e2bcb43496fc5cf39cc325ba90c36d3de4b64c69ba25e7b3b9

SHA512
72a665ffaf817e8760e789f9baf821f0948e95bf9eb784c835326d3b8bda03aa2aade2883fcdf5cc5a2c7f58794da187c845103c5eefa1e684dd7cf3673bc2f5

Download Submit
memory/572-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/572-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/572-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/572-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3792-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3792-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3792-15-0x0000000001E00000-0x0000000001F33000-memory.dmp

Filesize
1.2MB

Download
memory/3792-20-0x0000000005700000-0x000000000592A000-memory.dmp

Filesize
2.2MB

Download
memory/3792-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3792-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download