3640cb953afc3b228c9690c53939b49cd79a08154ea9676be29aa969aba3751a

Analysis

max time kernel
142s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 18:14

Target

fae2e2a8e1d11b827448c36bb2d1e887_JaffaCakes118.exe
Size

1.5MB
MD5

fae2e2a8e1d11b827448c36bb2d1e887
SHA1

73e0f1c8cd921a4dc88a721fdcff3b9e855361e0
SHA256

3640cb953afc3b228c9690c53939b49cd79a08154ea9676be29aa969aba3751a
SHA512

304ed8d0b82ea41e5c915b164a0ee70eb23cf509b1e77ab4beb56413f5080763411c9bf73d56721025eba846f3d298b36e22fbf2bebe658fde52105a77358496
SSDEEP

24576:IIFyX/imCPxdud7yW9/btwPzWX2eA72cHfRNsZ3y7k8J/iD4huRW:IIFyXK/xId7yMbtc2fA7L/RiZ3yg8JaH

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1920	fae2e2a8e1d11b827448c36bb2d1e887_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1920	fae2e2a8e1d11b827448c36bb2d1e887_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5072-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001e97a-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5072	fae2e2a8e1d11b827448c36bb2d1e887_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5072	fae2e2a8e1d11b827448c36bb2d1e887_JaffaCakes118.exe
1920	fae2e2a8e1d11b827448c36bb2d1e887_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 1920	5072	fae2e2a8e1d11b827448c36bb2d1e887_JaffaCakes118.exe	84
PID 5072 wrote to memory of 1920	5072	fae2e2a8e1d11b827448c36bb2d1e887_JaffaCakes118.exe	84
PID 5072 wrote to memory of 1920	5072	fae2e2a8e1d11b827448c36bb2d1e887_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\fae2e2a8e1d11b827448c36bb2d1e887_JaffaCakes118.exe

Filesize
1.5MB

MD5
d5b06f879ca2e8114bfce1e982dfca33

SHA1
a86e6d95b98b5bfc5f8127aa65f1d1a9e60fc06e

SHA256
288874b59bad581f3c32ba7d07a1388a443f7edf37a9cf75a2ebb294e480f5cf

SHA512
414047138f984a608726c3e3d5123203a9713a08187713393580fcf839c2a3154987042bec81a22efd9d3fca428b207cf117084b92d1b6e10cf6fca065111c20

Download Submit
memory/1920-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1920-14-0x0000000001D90000-0x0000000001EC3000-memory.dmp

Filesize
1.2MB

Download
memory/1920-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1920-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1920-20-0x0000000005690000-0x00000000058BA000-memory.dmp

Filesize
2.2MB

Download
memory/1920-42-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5072-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5072-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5072-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5072-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download