f63e6f89769d314463ae750d2abd10b112e0e94b65bc3460b64ffbef2bbf0ce1

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 01:42

Target

f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe
Size

1.3MB
MD5

f265da3f3a73dc1c0cc27656ea39c2b6
SHA1

9b9a8a7da4be3440adc8f76436abc892089d5974
SHA256

f63e6f89769d314463ae750d2abd10b112e0e94b65bc3460b64ffbef2bbf0ce1
SHA512

4a1c57dad05ed8a5d4858c86aca13cf0f7a69d698d6c0e04a514afb5859200c012a89d12366b49b9437e79dce89a552f4ae150af0ce47455c5ca6e27b319f5ab
SSDEEP

24576:TM7Na8fy6YqAKNja9XuH0ZZEwoqGnCdmJqzlONEspLjX9bGDT7vG:TM7Njyv2Nj4ZoqGumJMONE+jJGD

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2172	f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2172	f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
1728	f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1728-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000b0000000121e6-11.dat	upx
behavioral1/memory/2172-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1728	f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1728	f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe
2172	f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2172	1728	f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe	28
PID 1728 wrote to memory of 2172	1728	f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe	28
PID 1728 wrote to memory of 2172	1728	f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe	28
PID 1728 wrote to memory of 2172	1728	f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe	28

\Users\Admin\AppData\Local\Temp\f265da3f3a73dc1c0cc27656ea39c2b6_JaffaCakes118.exe

Filesize
1.3MB

MD5
cc4bf2a7bbbe0a166f321f3e5e135353

SHA1
6dd3c62e477a251a3ce158bafa22d6d44605e11b

SHA256
572c8de3baf705021d253a0f35b54781ff298ee465c0680b81faed5d02a20521

SHA512
d65d388696b8a8b1001b80981d2b830f03f8668f5c7636b3ecc77612463ba7daf3056f4d46ee0e80b937dd130431c41efe4f5d04949e1f625ccd76e8fda3d062

Download Submit
memory/1728-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1728-1-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/1728-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1728-15-0x00000000034D0000-0x000000000393A000-memory.dmp

Filesize
4.4MB

Download
memory/1728-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1728-26-0x00000000034D0000-0x000000000393A000-memory.dmp

Filesize
4.4MB

Download
memory/2172-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2172-19-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2172-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2172-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download