911cc57de9a07152d5e12751c27e0dd30dabe2bdb3760fbcad9b70c4bb37d53d

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 14:17

Target

fcf21020cabac047c26ab13d4e3a04c5_JaffaCakes118.exe
Size

2.9MB
MD5

fcf21020cabac047c26ab13d4e3a04c5
SHA1

05502dab4dbfdbbdb12c3645ac29147951a92b05
SHA256

911cc57de9a07152d5e12751c27e0dd30dabe2bdb3760fbcad9b70c4bb37d53d
SHA512

5f7ae1d95fee3beeac9f8fdaa03ebb8ff9e084997441003517b8b88eef404cb7357a9af95fd4640b4cc3c753d74c28c94b86632b340916b854c19db808ef4cb2
SSDEEP

49152:wJQjvgq+y6klYPMFK4a5o1N/SwWuuV+Lrs9ImX2Ir1gFpkDjl5ATdA:wyjv96sycFaoQwWuuV+UX2IJl5ATC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2848	fcf21020cabac047c26ab13d4e3a04c5_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2848	fcf21020cabac047c26ab13d4e3a04c5_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4912-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00080000000233e6-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4912	fcf21020cabac047c26ab13d4e3a04c5_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4912	fcf21020cabac047c26ab13d4e3a04c5_JaffaCakes118.exe
2848	fcf21020cabac047c26ab13d4e3a04c5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 2848	4912	fcf21020cabac047c26ab13d4e3a04c5_JaffaCakes118.exe	82
PID 4912 wrote to memory of 2848	4912	fcf21020cabac047c26ab13d4e3a04c5_JaffaCakes118.exe	82
PID 4912 wrote to memory of 2848	4912	fcf21020cabac047c26ab13d4e3a04c5_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\fcf21020cabac047c26ab13d4e3a04c5_JaffaCakes118.exe

Filesize
2.9MB

MD5
de6756cb1203e6c08e04394d8460a5cf

SHA1
36604ce551e6cad2034dec4b3c13372d6602f9fe

SHA256
cfdc833bd54d0f1964b5b4de6ab91cf2cd2319c6f0fd8be2e8a76a63b36faaaa

SHA512
c4ee077e377631ffc97bc52d1c96ca469f72481fd3fe7acc3e7152f5b339e83a788192ce007016213d444301495e3155bbaed43d57c4efb27d7d1014cba6f0ce

Download Submit
memory/2848-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2848-15-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/2848-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2848-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2848-21-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/2848-40-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4912-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4912-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4912-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4912-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download