d2ac129674994e0bab0f944da5fe20287d68f47918e2487b2dc266fddd47f944

Analysis

max time kernel
91s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 22:22

Target

f8e006cd0a4c8b8e97a2dd1f702b02f1_JaffaCakes118.exe
Size

2.9MB
MD5

f8e006cd0a4c8b8e97a2dd1f702b02f1
SHA1

c7302f55e780bc58c237660e91be397d78210f87
SHA256

d2ac129674994e0bab0f944da5fe20287d68f47918e2487b2dc266fddd47f944
SHA512

4ceebf50c451cf3c739755817c5e82355f21ebf83e96cb95dca5384b31e35d1e3bda0e53377d17c6cacdae1f8004258a7d828ef65f479b5b04840006c6c67699
SSDEEP

49152:VO6ipogn1BwvHdawG5N74NH5HUyNRcUsCVOzetdZJ:Vri3O9e54HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3880	f8e006cd0a4c8b8e97a2dd1f702b02f1_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3880	f8e006cd0a4c8b8e97a2dd1f702b02f1_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3736-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0009000000023401-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3736	f8e006cd0a4c8b8e97a2dd1f702b02f1_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3736	f8e006cd0a4c8b8e97a2dd1f702b02f1_JaffaCakes118.exe
3880	f8e006cd0a4c8b8e97a2dd1f702b02f1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 3880	3736	f8e006cd0a4c8b8e97a2dd1f702b02f1_JaffaCakes118.exe	83
PID 3736 wrote to memory of 3880	3736	f8e006cd0a4c8b8e97a2dd1f702b02f1_JaffaCakes118.exe	83
PID 3736 wrote to memory of 3880	3736	f8e006cd0a4c8b8e97a2dd1f702b02f1_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\f8e006cd0a4c8b8e97a2dd1f702b02f1_JaffaCakes118.exe

Filesize
2.9MB

MD5
735a1381d0598e30c5b2c81b7c94226b

SHA1
1fe6c3280ad14c8d6a2940d84b064257f3feef53

SHA256
32f3b53a0b6e170761d573b5ba5a20a21b45a25e519e3e6239265769e83f8f0d

SHA512
5fbdced6071d5bc3ee2dcb0c60aeeaa26347263fd53c3ddde81380c3d3e126bedb322e897650bf367e4bfcd4a5a30e64a75b6fffad3bc4918d154cc94e82e203

Download Submit
memory/3736-1-0x0000000001D80000-0x0000000001EB3000-memory.dmp

Filesize
1.2MB

Download
memory/3736-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3736-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3736-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3880-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3880-13-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3880-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3880-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3880-20-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/3880-42-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download