93219d05886dc82c7e9144bae9ad10079e79955ceff2e687e6c9e087fd898bac

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
Size

113KB
MD5

fbcbb11583567f5a7892997c408f68e1
SHA1

e6f577fb1a299501090a414b0e851c338e49e10f
SHA256

93219d05886dc82c7e9144bae9ad10079e79955ceff2e687e6c9e087fd898bac
SHA512

9c394b7d0bea6b26fb3cce1f87bb3187b3bb2f155c51f4228dd3b004e7062523c98a5b3f426fdcdbc462d498273bddfc392970d985ea745dc2bea22dab2d133e
SSDEEP

1536:3UUUUUUUUUUHdTD+vvvvvvvvvh+UUUUUUUC9mIkkkkkkTyhhhhhhhMqgCZVU4H/9:blN9RkkkkkkTLqDX3fQKHIk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4960-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/4960-1-0x0000000000400000-0x0000000000423000-memory.dmp	upx
C:\Windows\win32dc\BattleField 1942(codes).exe	upx
behavioral2/memory/4960-22-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Drops file in Windows directory 20 IoCs

Processes:

fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\win32dc\Counter-Strike + patch.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Counter-Strike(cheat).exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\DAoC + serial.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File created	C:\Windows\win32dc\Quake3 + crack.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Quake3 + crack.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File created	C:\Windows\win32dc\Quake3_codes.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File created	C:\Windows\win32dc\Counter-Strike(cheat).exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File created	C:\Windows\win32dc\DAoC + serial.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File created	C:\Windows\win32dc\Doom 3_crack.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Sims 2(patch).exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Quake3_codes.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\BattleField 1942(codes).exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Doom 3_crack.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File created	C:\Windows\win32dc\Counter-Strike + patch.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File created	C:\Windows\win32dc\Doom 3(codes).exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File created	C:\Windows\win32dc\Sims 2_codes.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File created	C:\Windows\win32dc\Sims 2(patch).exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Sims 2_codes.exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Doom 3(codes).exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
File created	C:\Windows\win32dc\BattleField 1942(codes).exe	fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fbcbb11583567f5a7892997c408f68e1_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\BattleField 1942(codes).exe
Filesize
117KB

MD5
fc4d20c0fb42928eadac336f9f5ac9d6

SHA1
3b78ec1f49f09cc2777fae6231aa5651a6b0849d

SHA256
48ecf521fef34f0c068e03f3a8ed7be626f167160bb95a65bcb1ac2f6a23f961

SHA512
4c4f395be0bf9b0d5d77c79f43092baeab5acf053bb5f5ee0b763cf1851ed4ce740c9bd31c361f611d9400d9677bb889b52bc22e81218ac35d7de089c737c8cb

Download Submit
memory/4960-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4960-1-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4960-22-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download