68c8c71f7e83eba2777f568d77f833422aa278972650e93aa48d78d00c2aaa09

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 07:22

Target

f5446a937202a5ebfb92665642b84636_JaffaCakes118.exe
Size

2.7MB
MD5

f5446a937202a5ebfb92665642b84636
SHA1

b78eeb96885a20f50fa18732b8269c7ce1b3e291
SHA256

68c8c71f7e83eba2777f568d77f833422aa278972650e93aa48d78d00c2aaa09
SHA512

bf0326ce6e528ec2de4f8a3548d6af366f8d030cb4c6d561fdef7fcc79857256cbb1f4a8a18ededbd1f57d4726a1022b2e94e96ac817bc3695bef10814f7e63a
SSDEEP

49152:diWURLwZRBkIAair2eJ+QhNEm9KR9VLU+1q5lW9mflSDSwkuR9j:87MRaajah6mIHhUPAlkuHj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3124	f5446a937202a5ebfb92665642b84636_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3124	f5446a937202a5ebfb92665642b84636_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/876-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000500000002326f-11.dat	upx
behavioral2/memory/3124-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
876	f5446a937202a5ebfb92665642b84636_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
876	f5446a937202a5ebfb92665642b84636_JaffaCakes118.exe
3124	f5446a937202a5ebfb92665642b84636_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 3124	876	f5446a937202a5ebfb92665642b84636_JaffaCakes118.exe	86
PID 876 wrote to memory of 3124	876	f5446a937202a5ebfb92665642b84636_JaffaCakes118.exe	86
PID 876 wrote to memory of 3124	876	f5446a937202a5ebfb92665642b84636_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\f5446a937202a5ebfb92665642b84636_JaffaCakes118.exe

Filesize
2.7MB

MD5
5c8069740051d309f57c86954d8cbda1

SHA1
58324179122d3da86ee344269ac0a2ecad2348bc

SHA256
fcfa62415e5d844d7058d1aa97efc6eefd485fd9b8eba2d11f247800c601acf7

SHA512
d20bfe529f056fed7cefe161c244053295242e287868caab3aad4c9705b90d39a09c496f1f1da9bafd043affd04219d6cf78981342b9c4128b7f9e55a4d7e095

Download Submit
memory/876-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/876-1-0x0000000001CE0000-0x0000000001E11000-memory.dmp

Filesize
1.2MB

Download
memory/876-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/876-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3124-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3124-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3124-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/3124-21-0x0000000005620000-0x0000000005842000-memory.dmp

Filesize
2.1MB

Download
memory/3124-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3124-42-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download