a44f0097172c8da60f1a7c0f5ef75ee842e4b84b077b7665a314facfcb877f95

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 13:03

Target

f80c9fa8ea3d4a95a2afe42740cf62b4_JaffaCakes118.exe
Size

1.3MB
MD5

f80c9fa8ea3d4a95a2afe42740cf62b4
SHA1

74bcba6a6fcf6f4ef68b241517f3c58c7305194d
SHA256

a44f0097172c8da60f1a7c0f5ef75ee842e4b84b077b7665a314facfcb877f95
SHA512

cd2cbd58b8c51a83fb591f424cfdaa172569da732672b30a67003036bf74a40513d1d446877a8cb1b1fa6b97cbabaf29b7cb23a68e37bafff7a4703f17a96ac5
SSDEEP

24576:dP0gqTissi62dod6Hly2PRSukhFRulOhY+Ah0nT3dcc6WQ6+Wc:F0asc2i4Q2PgXh3WOIeDdyTp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1244	f80c9fa8ea3d4a95a2afe42740cf62b4_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1244	f80c9fa8ea3d4a95a2afe42740cf62b4_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/112-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000500000002326f-11.dat	upx
behavioral2/memory/1244-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
112	f80c9fa8ea3d4a95a2afe42740cf62b4_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
112	f80c9fa8ea3d4a95a2afe42740cf62b4_JaffaCakes118.exe
1244	f80c9fa8ea3d4a95a2afe42740cf62b4_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 1244	112	f80c9fa8ea3d4a95a2afe42740cf62b4_JaffaCakes118.exe	86
PID 112 wrote to memory of 1244	112	f80c9fa8ea3d4a95a2afe42740cf62b4_JaffaCakes118.exe	86
PID 112 wrote to memory of 1244	112	f80c9fa8ea3d4a95a2afe42740cf62b4_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\f80c9fa8ea3d4a95a2afe42740cf62b4_JaffaCakes118.exe

Filesize
1.3MB

MD5
af2dcbe47d8d418c6e9a3b4616a929ee

SHA1
1559e86533983afbb0373b215daf795f2cd9f36c

SHA256
8b8db235383d6d52af92d8881dfe9ca10128e986f645bbda868258f99c872749

SHA512
7372ae92965b760e5e4c98ef9ef215fa179e11c77ebbc51b31679b0408bf40a490830c937148fd99e8a2ff7cbdf8d88155203b0ad13fb1c139535189148616fa

Download Submit
memory/112-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/112-1-0x0000000001CD0000-0x0000000001E03000-memory.dmp

Filesize
1.2MB

Download
memory/112-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/112-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1244-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1244-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1244-15-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/1244-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1244-20-0x0000000005620000-0x000000000584A000-memory.dmp

Filesize
2.2MB

Download
memory/1244-42-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download