ae369f4465c33d30e43b454d53a40419253be7c7f856679172c46c3c8f335a9e

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 03:55

Target

f9732881d23c236961c31b1a23305534_JaffaCakes118.exe
Size

2.9MB
MD5

f9732881d23c236961c31b1a23305534
SHA1

4f9104630e2bb6fb0c1d53a3c85be1bb44a6be15
SHA256

ae369f4465c33d30e43b454d53a40419253be7c7f856679172c46c3c8f335a9e
SHA512

1fb646190b45a2954693efc62f82717e26c78ed17f3ab3c50fb7b8a3314f15ae0aceed7b2773c3f20db41dbaaf5557bbb4ecbf922bb5576387f0d1df7cd65914
SSDEEP

49152:I0fSffZVSSXIVFmzx3wui3bK1j35lpPS6y2fuKR/OTFYH:MffZVP4nXui3q35l7m5E

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4108	f9732881d23c236961c31b1a23305534_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4108	f9732881d23c236961c31b1a23305534_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5028-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000b0000000233fb-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5028	f9732881d23c236961c31b1a23305534_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5028	f9732881d23c236961c31b1a23305534_JaffaCakes118.exe
4108	f9732881d23c236961c31b1a23305534_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 4108	5028	f9732881d23c236961c31b1a23305534_JaffaCakes118.exe	86
PID 5028 wrote to memory of 4108	5028	f9732881d23c236961c31b1a23305534_JaffaCakes118.exe	86
PID 5028 wrote to memory of 4108	5028	f9732881d23c236961c31b1a23305534_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\f9732881d23c236961c31b1a23305534_JaffaCakes118.exe

Filesize
2.9MB

MD5
cd0345200dbcd0afbb628c69b9781076

SHA1
31f12423a05b6c54523d77c73c379cc1d4f549f3

SHA256
6d581a3e4b7f053307e2e23e6ca676e4b2a5869d3b1534eb9a86ed9ef63b52b7

SHA512
3162a9ee95de3674be1f9d036e9bec4c1ed69138148c4310ebe0759d1fdc1fb12087de239025f88268136af6e490801c6a4364c2f1c5d41600c913a6be794de1

Download Submit
memory/4108-13-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4108-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4108-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4108-20-0x00000000055F0000-0x000000000581A000-memory.dmp

Filesize
2.2MB

Download
memory/4108-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4108-40-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5028-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5028-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5028-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5028-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download