3869039a1c3c4fa6e63325a391ee6233efb5743b358850e943dcbf95c9fd2e72

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 14:25

Target

f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe
Size

1.3MB
MD5

f145cd2691d9ced4d19709e1b815869d
SHA1

e4fbf22390cc9cf5d9c2802a94589732c29d1835
SHA256

3869039a1c3c4fa6e63325a391ee6233efb5743b358850e943dcbf95c9fd2e72
SHA512

2050da2d4627fe126524288aea70c778cb86e53f680a2e6e8587866f8e885e9024ef12277bd03d60a4454144587741120067b19e125525111690e823db473fed
SSDEEP

24576:Ohfvz8ukzfgs4VyFHxV6jCUXykzub7PRKLgZgM9ueCeA+1mvG:ORb5kzfghmSXyksJKEnQ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2828	f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2828	f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
2936	f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000c000000012240-15.dat	upx
behavioral1/memory/2936-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2936	f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2936	f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe
2828	f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2828	2936	f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe	28
PID 2936 wrote to memory of 2828	2936	f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe	28
PID 2936 wrote to memory of 2828	2936	f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe	28
PID 2936 wrote to memory of 2828	2936	f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\f145cd2691d9ced4d19709e1b815869d_JaffaCakes118.exe

Filesize
1.3MB

MD5
383c9bc325550077eff7228f6e79ae3e

SHA1
9e0c3f944dc68fb08d4e53dd4bb18ec5c1c42e0e

SHA256
af5f08d82d9e00525fe32a359169319f461e42f1a2f5f15d2f391fc9e06b62e0

SHA512
fa5fdc89da8820359ce09641847355f42eb90b63cc32d71c7fe793ef9ee6a1612008792f93a77be8647c489cd49e9a9428f2617f1655fc71aec8e37c4521eac9

Download Submit
memory/2828-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2828-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2828-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2828-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2936-16-0x00000000034E0000-0x000000000394A000-memory.dmp

Filesize
4.4MB

Download
memory/2936-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2936-4-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2936-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2936-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2936-26-0x00000000034E0000-0x000000000394A000-memory.dmp

Filesize
4.4MB

Download