8c51907ae78f0ef8f3503165d2da098c22c59fcda553658ed227cb180a21d01f

Analysis

max time kernel
143s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 11:54

Target

3475a3091ff9da3b8f75ca984a5f3acb_JaffaCakes118.exe
Size

29KB
MD5

3475a3091ff9da3b8f75ca984a5f3acb
SHA1

16f6a9a44043357701775e4c993eb5f7c692d601
SHA256

8c51907ae78f0ef8f3503165d2da098c22c59fcda553658ed227cb180a21d01f
SHA512

350038c047c83ad0283bf0c4c39ccacab265b8254292ec5df9697e377d3b7554bf20bd4650300360c804fe8d27a37ddd074a6e406781acff7134f6301a1d0eed
SSDEEP

768:Fvzlc/haT0rwKMu2Ht5EfUl+zMGZg79TAp49Q:llc/haTpKMu2EUl17FA3

Score

7^/10

agilenet

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Processes:

resource	yara_rule
behavioral2/memory/776-2-0x0000000000840000-0x0000000000854000-memory.dmp	agile_net
behavioral2/memory/776-6-0x00007FFA95280000-0x00007FFA95D41000-memory.dmp	agile_net

C:\Users\Admin\AppData\Local\Temp\3475a3091ff9da3b8f75ca984a5f3acb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3475a3091ff9da3b8f75ca984a5f3acb_JaffaCakes118.exe"
1⤵
PID:776

memory/776-0-0x00007FFA95283000-0x00007FFA95285000-memory.dmp

Filesize
8KB

Download
memory/776-1-0x00000000000A0000-0x00000000000A8000-memory.dmp

Filesize
32KB

Download
memory/776-2-0x0000000000840000-0x0000000000854000-memory.dmp

Filesize
80KB

Download
memory/776-3-0x000000001B3B0000-0x000000001B8D8000-memory.dmp

Filesize
5.2MB

Download
memory/776-5-0x00007FFA95280000-0x00007FFA95D41000-memory.dmp

Filesize
10.8MB

Download
memory/776-6-0x00007FFA95280000-0x00007FFA95D41000-memory.dmp

Filesize
10.8MB

Download