535e243548c19cf977df370844825dad9e4226170ebc11bce61de6272df7a1d2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 15:56

Target

f16fee67c23f0725f2b9d6431ccefa7f_JaffaCakes118.exe
Size

1.3MB
MD5

f16fee67c23f0725f2b9d6431ccefa7f
SHA1

5be935da886de0e461ff86acc76403b7701ac74d
SHA256

535e243548c19cf977df370844825dad9e4226170ebc11bce61de6272df7a1d2
SHA512

20ffcd1dd164f55b8629711ed5bd871fab676ae9ab88e4e3e93d8691b4c2d2d852ff0035dd43c66b3d7d34516b78622cf576b54995a9c40a505c3784a7164f29
SSDEEP

24576:e6MSKcCoLT5LvV5aL4yj27gTZdizmeJDBi/9a2fJ/AckOhQadQ8B4/OWCU9/9Us:49ovNVLy68dsyst4BZ6o6OkR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4844	f16fee67c23f0725f2b9d6431ccefa7f_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4844	f16fee67c23f0725f2b9d6431ccefa7f_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/660-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000300000001e97a-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
660	f16fee67c23f0725f2b9d6431ccefa7f_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
660	f16fee67c23f0725f2b9d6431ccefa7f_JaffaCakes118.exe
4844	f16fee67c23f0725f2b9d6431ccefa7f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 660 wrote to memory of 4844	660	f16fee67c23f0725f2b9d6431ccefa7f_JaffaCakes118.exe	87
PID 660 wrote to memory of 4844	660	f16fee67c23f0725f2b9d6431ccefa7f_JaffaCakes118.exe	87
PID 660 wrote to memory of 4844	660	f16fee67c23f0725f2b9d6431ccefa7f_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\f16fee67c23f0725f2b9d6431ccefa7f_JaffaCakes118.exe

Filesize
1.3MB

MD5
e502434aefe3a1a1352e5a81e9c71151

SHA1
74b97e864d0c77af10e252b8b5ac4903bc9476d3

SHA256
b4f7ea3a1620623780073f09508ce6ff2d4aef8cc4839492424e09059e0d9e63

SHA512
4a5777fd6ec5c390fc94c82d7d11b013f2b802c06581b8fc06f5af5080c467f9f058cb624d7033726ee684f51723e52c97873c3e7dd4fa46587ac2ae7bdce984

Download Submit
memory/660-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/660-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/660-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/660-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4844-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4844-13-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4844-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4844-21-0x0000000005620000-0x0000000005842000-memory.dmp

Filesize
2.1MB

Download
memory/4844-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4844-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download