d6d0259ce624218204ccd32ac0e1028a4692ac732dd5f2bf98d81a67ef635ed7

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 06:12

Target

f9abb9d97fa8b66374c60b3a5253c9b6_JaffaCakes118.exe
Size

5.8MB
MD5

f9abb9d97fa8b66374c60b3a5253c9b6
SHA1

e3a3e6338a18ae04ea7af7f5684541ff15f83154
SHA256

d6d0259ce624218204ccd32ac0e1028a4692ac732dd5f2bf98d81a67ef635ed7
SHA512

2ca03f98cd4e802f2c95a09145dad26865084c1ff118fc0a6959b0ef5077ad949498c8decbaa17699b1e069391ce4823b460d0fadcb07a12858155325bdfc142
SSDEEP

98304:EKGR2+HpGajMVBsHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:EbrHpMVcauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2848	f9abb9d97fa8b66374c60b3a5253c9b6_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2848	f9abb9d97fa8b66374c60b3a5253c9b6_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2476-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000800000001db0e-11.dat	upx
behavioral2/memory/2848-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2476	f9abb9d97fa8b66374c60b3a5253c9b6_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2476	f9abb9d97fa8b66374c60b3a5253c9b6_JaffaCakes118.exe
2848	f9abb9d97fa8b66374c60b3a5253c9b6_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2848	2476	f9abb9d97fa8b66374c60b3a5253c9b6_JaffaCakes118.exe	84
PID 2476 wrote to memory of 2848	2476	f9abb9d97fa8b66374c60b3a5253c9b6_JaffaCakes118.exe	84
PID 2476 wrote to memory of 2848	2476	f9abb9d97fa8b66374c60b3a5253c9b6_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\f9abb9d97fa8b66374c60b3a5253c9b6_JaffaCakes118.exe

Filesize
5.8MB

MD5
bd5baa5b36cb1ecbb1966d28a3a8c566

SHA1
c20dea33bc2c736e6dab7e5ac5682230cf7c6fe3

SHA256
e85f908edd55ab15862efbfedbc752bb7932048bfb58c23927a50b947c48f1cc

SHA512
e41a45873758e397c545105e05c0950a0c0128b866c4f231453fe57c4f7f310cc0f783af7c52208c9547fb3ca42e7bcee55450a31ca9df48f7a9165dee2cbbaa

Download Submit
memory/2476-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2476-1-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/2476-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2476-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2848-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2848-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2848-17-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2848-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2848-21-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/2848-42-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download