a4339751eaf56f8e9b65119a7b2b5ef53c663523184e0e8b4d719721dbea6c71

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 12:13

Target

f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe
Size

1.5MB
MD5

f1070b18b2f1c6e723cfcee43706f642
SHA1

09b4fc6c8c36bfb6dbc0179009678a34f0388f19
SHA256

a4339751eaf56f8e9b65119a7b2b5ef53c663523184e0e8b4d719721dbea6c71
SHA512

05311533b8de3e0c3afa44d6218ca6e55ef8927b00de6841db138051787f29c82950d9213703d44854489e261bc5b0e02f90100552466cfed3f6f548496c1a38
SSDEEP

24576:oWGmakcorBGOMOoO569sCWZQknasaf+Fu4gIloi5oLX95sPQMGwqF2yGIDKHaQQW:lGytrBPFoO569Cak/aWFBF5oDzs1Gwqj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2372	f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2372	f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
3064	f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3064-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012330-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3064	f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3064	f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe
2372	f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2372	3064	f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe	28
PID 3064 wrote to memory of 2372	3064	f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe	28
PID 3064 wrote to memory of 2372	3064	f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe	28
PID 3064 wrote to memory of 2372	3064	f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe	28

\Users\Admin\AppData\Local\Temp\f1070b18b2f1c6e723cfcee43706f642_JaffaCakes118.exe

Filesize
1.5MB

MD5
02cf2d7d63fde3354bc5513c9caca7fc

SHA1
5b9d0e0ed1b41b17403888aab198c1312eacf749

SHA256
bbaba86c44e8e2e6b84bc839d816367da3ff0ac3084fcbbfd3776323fc898cf3

SHA512
3fefd938f9c1f229b740ef0100d94c53391f09ea0b0aec6d1aebaec904574fe9d736f22c303d6ca741d475ef78c53b3ddc8e092913f94098b5d260bb6967d8e3

Download Submit
memory/2372-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2372-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2372-19-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2372-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2372-24-0x00000000036A0000-0x00000000038CA000-memory.dmp

Filesize
2.2MB

Download
memory/2372-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3064-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3064-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/3064-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3064-14-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/3064-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download