1928db2bff30cc04bc260f19ca0f723843666bbfd6fa7df6f01950ad4d7bceec

Analysis

max time kernel
95s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 01:38

Target

efff5fe8701b3c275b4ff07abdcbda6d_JaffaCakes118.exe
Size

5.3MB
MD5

efff5fe8701b3c275b4ff07abdcbda6d
SHA1

94058a331cc6ba99d93d9bfb7ef4700b16cd482d
SHA256

1928db2bff30cc04bc260f19ca0f723843666bbfd6fa7df6f01950ad4d7bceec
SHA512

cbe7f42138e1b24066078d274410b4a4422a2a8ea9989217f0099e078684b2c9717151a6ca21c31b109d6a8671d6b0d479b1d184213a7ff5145ddf8e633d916b
SSDEEP

98304:8Nhcv7YoVkd32lShP8qTKvqjMQkXrNhFjOuTkKd32lShP8qTKvqjM:cmjYoVvYO8Kvqjy7NhxOuTkZYO8Kvqj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2140	efff5fe8701b3c275b4ff07abdcbda6d_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2140	efff5fe8701b3c275b4ff07abdcbda6d_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4992-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral2/files/0x000300000001e97a-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4992	efff5fe8701b3c275b4ff07abdcbda6d_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4992	efff5fe8701b3c275b4ff07abdcbda6d_JaffaCakes118.exe
2140	efff5fe8701b3c275b4ff07abdcbda6d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 2140	4992	efff5fe8701b3c275b4ff07abdcbda6d_JaffaCakes118.exe	84
PID 4992 wrote to memory of 2140	4992	efff5fe8701b3c275b4ff07abdcbda6d_JaffaCakes118.exe	84
PID 4992 wrote to memory of 2140	4992	efff5fe8701b3c275b4ff07abdcbda6d_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\efff5fe8701b3c275b4ff07abdcbda6d_JaffaCakes118.exe

Filesize
5.3MB

MD5
b273e760013e53edb311d7543fd17938

SHA1
6312519c12cb539742f413eccea07a44c630802e

SHA256
2b6d225870416e3432e2c3659b0c321b196f2f3153865bf2c8ec777c2e450807

SHA512
d88ebe1746649f35639e70e6182ae62e7a58022e0453c945e2a5c402ca72fd32328a43833e803f18d539a18824098d30ce4d9590f17226d1532544f5c23b5c3b

Download Submit
memory/2140-14-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2140-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2140-17-0x0000000001A70000-0x0000000001B82000-memory.dmp

Filesize
1.1MB

Download
memory/2140-24-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/4992-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/4992-1-0x0000000001940000-0x0000000001A52000-memory.dmp

Filesize
1.1MB

Download
memory/4992-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/4992-12-0x00000000006D0000-0x0000000000851000-memory.dmp

Filesize
1.5MB

Download
memory/4992-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download