88e5b30907e248585cbcde4cf4dadee1079f5068847a6368fac83e4a0e7b2722

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 09:11

Target

fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe
Size

1.5MB
MD5

fef1d5396d9b36eed20f7f966a5b914b
SHA1

78c6df8a50e2862bf99a62000ed88377b8477a47
SHA256

88e5b30907e248585cbcde4cf4dadee1079f5068847a6368fac83e4a0e7b2722
SHA512

147a7ecb9fc7eaa88419a77654e0c6ed264ff518af001c963caba3e2e659dc5d746265c5505d075352b9ffcb217d00f40455a0032136a2033c755a8097de6799
SSDEEP

24576:U1M13Lm7p0L645/a1gmqjtK1E8PDlYsnMkkYx+ttszumyosYzRo9ogP5H+O2/+BU:Um9LAOG+aamqR2DlYsnMTFLmy4la+h/G

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3652	fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3652	fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2444-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001e970-11.dat	upx
behavioral2/memory/3652-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2444	fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2444	fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe
3652	fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 3652	2444	fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe	86
PID 2444 wrote to memory of 3652	2444	fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe	86
PID 2444 wrote to memory of 3652	2444	fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe

Filesize
1.5MB

MD5
6646f340409a8cf4bca01ce7fc57e967

SHA1
397cfaeb62c6ec4077e0b3ac5c10a0c108bb14f6

SHA256
88b8cc4b9e3f58e27c31cfb2f8c08a0fbf2958da929d5ae26f2d4ae07bc92250

SHA512
26923b2c79e8315e14ce92174155b972e45b85dde76fee3f1ffbb9338bd9b536a7e69364c1da395a542c2808664c7b57430094fe509626f990d8fbdd3d687a4e

Download Submit
memory/2444-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2444-1-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/2444-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2444-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3652-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3652-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3652-13-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3652-21-0x00000000056D0000-0x00000000058FA000-memory.dmp

Filesize
2.2MB

Download
memory/3652-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3652-42-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download