7210a367d97a60e57f5d606b9c1f300163eec90fcbb6fb65284523a300880434

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 11:35

Target

f7e80281bb262329a7b1b05480efda5b_JaffaCakes118.exe
Size

221KB
MD5

f7e80281bb262329a7b1b05480efda5b
SHA1

58e1d93be51b89e37892576fb6244d85aa5161cc
SHA256

7210a367d97a60e57f5d606b9c1f300163eec90fcbb6fb65284523a300880434
SHA512

2985537a142731b36bfd657fde50e0bfad50a77d382e84339904cd844ff5683587c6109ca412f5b641b3f991c417f348a1755a68c6c0b16e00a83eae3fc70e00
SSDEEP

6144:AFrM8ydZ8JTTPlrPMWbMgMJqTvrzXX0ll:GMNZ2TdrMRJ+nXX6

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3032-0-0x0000000000400000-0x0000000000431000-memory.dmp	upx
behavioral1/memory/3032-3-0x0000000000400000-0x0000000000431000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3032	f7e80281bb262329a7b1b05480efda5b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f7e80281bb262329a7b1b05480efda5b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f7e80281bb262329a7b1b05480efda5b_JaffaCakes118.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:3032

memory/3032-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3032-1-0x00000000002E0000-0x0000000000311000-memory.dmp

Filesize
196KB

Download
memory/3032-2-0x00000000002E0000-0x0000000000311000-memory.dmp

Filesize
196KB

Download
memory/3032-3-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download