a2bd1089c128c41bc4b2d21c660b658253b6a139430d3179b82b637e3125fe24

Analysis

max time kernel
120s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 15:40

Target

f61c89c3c07f51a033653911c9f93066_JaffaCakes118.exe
Size

11.7MB
MD5

f61c89c3c07f51a033653911c9f93066
SHA1

db2b4b45bcb9ede5478584347f1c712ba1dd13bc
SHA256

a2bd1089c128c41bc4b2d21c660b658253b6a139430d3179b82b637e3125fe24
SHA512

833956eee26181003772d3b683f59f2b5c7b3ff16e912bb6c889ae454da62da7edf8e981be7ee2b8aa8b3c17f8ae448df8a75c304a64cc27a9877d915c5f7ab0
SSDEEP

196608:/3dDYMWCfQ02kP1bWChBB0WCfQ02kP1bWC:vdZNJ1bnBB0NJ1b

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4124	f61c89c3c07f51a033653911c9f93066_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4124	f61c89c3c07f51a033653911c9f93066_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1092-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001e9b1-11.dat	upx
behavioral2/memory/4124-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1092	f61c89c3c07f51a033653911c9f93066_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1092	f61c89c3c07f51a033653911c9f93066_JaffaCakes118.exe
4124	f61c89c3c07f51a033653911c9f93066_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 4124	1092	f61c89c3c07f51a033653911c9f93066_JaffaCakes118.exe	88
PID 1092 wrote to memory of 4124	1092	f61c89c3c07f51a033653911c9f93066_JaffaCakes118.exe	88
PID 1092 wrote to memory of 4124	1092	f61c89c3c07f51a033653911c9f93066_JaffaCakes118.exe	88

C:\Users\Admin\AppData\Local\Temp\f61c89c3c07f51a033653911c9f93066_JaffaCakes118.exe

Filesize
11.7MB

MD5
f82d8b9048d383d5137f05399e13d5ff

SHA1
c1f4a4fec89d859e7b2de4650a4b3ad26a265dd6

SHA256
13a93dec624fbde900902799ce3b2cf6abd28c090a296c4551f50d0527b2203f

SHA512
d63f167570227708f39249d943782f049697fa9ebc8f7f5ba3610373131735e04b96402b6067e76bf198737036f92888c2be9a571b8ca8efd01d9c4a9c434c2a

Download Submit
memory/1092-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1092-1-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/1092-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1092-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4124-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4124-15-0x0000000001DD0000-0x0000000001F03000-memory.dmp

Filesize
1.2MB

Download
memory/4124-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4124-20-0x00000000056D0000-0x00000000058FA000-memory.dmp

Filesize
2.2MB

Download
memory/4124-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4124-42-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download