8c51907ae78f0ef8f3503165d2da098c22c59fcda553658ed227cb180a21d01f

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 11:54

Target

3475a3091ff9da3b8f75ca984a5f3acb_JaffaCakes118.exe
Size

29KB
MD5

3475a3091ff9da3b8f75ca984a5f3acb
SHA1

16f6a9a44043357701775e4c993eb5f7c692d601
SHA256

8c51907ae78f0ef8f3503165d2da098c22c59fcda553658ed227cb180a21d01f
SHA512

350038c047c83ad0283bf0c4c39ccacab265b8254292ec5df9697e377d3b7554bf20bd4650300360c804fe8d27a37ddd074a6e406781acff7134f6301a1d0eed
SSDEEP

768:Fvzlc/haT0rwKMu2Ht5EfUl+zMGZg79TAp49Q:llc/haTpKMu2EUl17FA3

Score

7^/10

agilenet

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Processes:

resource	yara_rule
behavioral1/memory/1136-2-0x0000000000360000-0x0000000000374000-memory.dmp	agile_net

C:\Users\Admin\AppData\Local\Temp\3475a3091ff9da3b8f75ca984a5f3acb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3475a3091ff9da3b8f75ca984a5f3acb_JaffaCakes118.exe"
1⤵
PID:1136

memory/1136-0-0x000007FEF53F3000-0x000007FEF53F4000-memory.dmp

Filesize
4KB

Download
memory/1136-1-0x00000000003C0000-0x00000000003C8000-memory.dmp

Filesize
32KB

Download
memory/1136-2-0x0000000000360000-0x0000000000374000-memory.dmp

Filesize
80KB

Download
memory/1136-3-0x000007FEF53F0000-0x000007FEF5DDC000-memory.dmp

Filesize
9.9MB

Download