ae37e3eb795a7b6ca8aa3b7a4e6e4cf8688421b7a778aef800f292841b8f0487

Analysis

max time kernel
134s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 19:40

Target

f8a1c3d0075443a18a95cd63c44ea921_JaffaCakes118.exe
Size

5.8MB
MD5

f8a1c3d0075443a18a95cd63c44ea921
SHA1

074f4bf8cc1630b32964f03b548b54a484668e15
SHA256

ae37e3eb795a7b6ca8aa3b7a4e6e4cf8688421b7a778aef800f292841b8f0487
SHA512

ccb4c8915932207e70ec59c025069d5fe8d8e95af76d7f277c007cf15325d537f4b9a7c5df13fb1983b1abd5febf648723a45403a514a10d4017fd4d251b30bb
SSDEEP

98304:3ULWVNkD68gnw4Po44HBUCczzM3DSEuiejkfFyu18fv4HBUCczzM3:A+Ignw4PonWCHuzYAu64WC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1976	f8a1c3d0075443a18a95cd63c44ea921_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1976	f8a1c3d0075443a18a95cd63c44ea921_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1616-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023416-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1616	f8a1c3d0075443a18a95cd63c44ea921_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1616	f8a1c3d0075443a18a95cd63c44ea921_JaffaCakes118.exe
1976	f8a1c3d0075443a18a95cd63c44ea921_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 1976	1616	f8a1c3d0075443a18a95cd63c44ea921_JaffaCakes118.exe	87
PID 1616 wrote to memory of 1976	1616	f8a1c3d0075443a18a95cd63c44ea921_JaffaCakes118.exe	87
PID 1616 wrote to memory of 1976	1616	f8a1c3d0075443a18a95cd63c44ea921_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\f8a1c3d0075443a18a95cd63c44ea921_JaffaCakes118.exe

Filesize
5.8MB

MD5
4252739a55548a3da5431ab14a6c10e3

SHA1
4c76fcdb8530ac3f7b5390171d4a3cb59f96c233

SHA256
ee186a833eb9c7b71c53b13604bb107073e24895bfdb03b0cb7773b51efd5c3c

SHA512
4307afaa9436c1cd24acd1ec854acc72f569376ebe02cf6181d29b846a00853ff9be50916ac4bbca54a01a20dd78fab76fe762e36ae981f35674ee96202d87f8

Download Submit
memory/1616-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1616-1-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/1616-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1616-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1976-13-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1976-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1976-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1976-20-0x00000000056C0000-0x00000000058EA000-memory.dmp

Filesize
2.2MB

Download
memory/1976-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1976-40-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download