04c5ce7868c4b69fd8e7a7234c0282fb38dc456373e865d48cf6307e850fb01f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 23:57

Target

150e18e10c6b33b59f02ee44ee239d3b_JaffaCakes118.exe
Size

1.1MB
MD5

150e18e10c6b33b59f02ee44ee239d3b
SHA1

3e439f3245c2b8d3d32dfda3efa54761e1f7680a
SHA256

04c5ce7868c4b69fd8e7a7234c0282fb38dc456373e865d48cf6307e850fb01f
SHA512

3cdfcb1d036be8fac5da2c3bdf9996ab109118db5ae75df53e07e096a0bfccfa685c01857cdca15e79cc55f3c782b1349049fd7e3e34984e913176768d967a2e
SSDEEP

24576:nppW+SM2ODMbjJbGWyJpDCvQPqw+OCCjluPgdCnfXLWbKvBuMIBnY9J4vQX:npMBM22ExTyfTCR7XjXLttMI

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3024-0-0x0000000000400000-0x000000000071B000-memory.dmp	upx
behavioral2/memory/3024-2-0x0000000000400000-0x000000000071B000-memory.dmp	upx
behavioral2/memory/3024-3-0x0000000000400000-0x000000000071B000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3024	150e18e10c6b33b59f02ee44ee239d3b_JaffaCakes118.exe
3024	150e18e10c6b33b59f02ee44ee239d3b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\150e18e10c6b33b59f02ee44ee239d3b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\150e18e10c6b33b59f02ee44ee239d3b_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3024

memory/3024-0-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/3024-1-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/3024-2-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/3024-3-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/3024-4-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download