a397ec9cadd4ea511c0b37fe31a67dae8e0277ed8baf583ae1914f04883a9194

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 11:45

Target

fcb23b1b99d7bd05bd1f57a95075decb_JaffaCakes118.exe
Size

1.3MB
MD5

fcb23b1b99d7bd05bd1f57a95075decb
SHA1

51943216872e097f0d54c13a6cf14bea0cc63426
SHA256

a397ec9cadd4ea511c0b37fe31a67dae8e0277ed8baf583ae1914f04883a9194
SHA512

13e89c86dfe322c2733c5ae6547433677fdaae398863efb65c33f802c2718f5885330fb2490da4df9580f39c20097f257195aad03b9444d362c82bd1335c3409
SSDEEP

24576:pCMgvj0EWqWCZLL+J3/teF67vwOS3Y+Ne3lvVpVqFd1RqEGvG:psvYEaCZLL+h/te47YO8FNwv3cFd

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2788	fcb23b1b99d7bd05bd1f57a95075decb_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2788	fcb23b1b99d7bd05bd1f57a95075decb_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3120-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral2/files/0x000300000001e9b1-13.dat	upx
behavioral2/memory/2788-15-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3120	fcb23b1b99d7bd05bd1f57a95075decb_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3120	fcb23b1b99d7bd05bd1f57a95075decb_JaffaCakes118.exe
2788	fcb23b1b99d7bd05bd1f57a95075decb_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 2788	3120	fcb23b1b99d7bd05bd1f57a95075decb_JaffaCakes118.exe	87
PID 3120 wrote to memory of 2788	3120	fcb23b1b99d7bd05bd1f57a95075decb_JaffaCakes118.exe	87
PID 3120 wrote to memory of 2788	3120	fcb23b1b99d7bd05bd1f57a95075decb_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\fcb23b1b99d7bd05bd1f57a95075decb_JaffaCakes118.exe

Filesize
1.3MB

MD5
a09649d87a5ef0c0c1e6a67d8cc99348

SHA1
018137262822da8cf4aa952bbf64e9040d4c75ff

SHA256
ef4f5a8165f20aa9b048976b8b6419e2604da75f9190a4d9e4eb9a092eee95f4

SHA512
3dee939c96ea98dd007d5f09b8ffecf7d60af3fdfb59cb6d4835459886914840bab8e897ef76adab8e4ff6add2c72e735d0dbca0a5fbb0ea2c9ee2373a4e5ca6

Download Submit
memory/2788-15-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2788-17-0x0000000001C50000-0x0000000001D62000-memory.dmp

Filesize
1.1MB

Download
memory/2788-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2788-38-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3120-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3120-1-0x0000000001870000-0x0000000001982000-memory.dmp

Filesize
1.1MB

Download
memory/3120-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3120-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download