d6d37cb6de81f781b0fa1cdb0b308173bf0e6da73663011e8ca42ecd8e625652

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 05:05

Target

3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe
Size

13.3MB
MD5

3df9d097dca6251f1db07bf42785b4bd
SHA1

ac65ef39885ff2d8049360493a4e8e26efc59902
SHA256

d6d37cb6de81f781b0fa1cdb0b308173bf0e6da73663011e8ca42ecd8e625652
SHA512

a31b950f64ee0f35e74fea8dcdd69c9e6b249bfe59084b61468232542fec3f21ed6533f012ffad9365e4e429116880ce7aefb9791f5196d85e314181219455b7
SSDEEP

196608:dm82XlZWgTFzwq9Ief6GTD74W6PjKhRt96TGIAveSbMN6kH6/J/Zvgf3Tm+JCqKL:8TZTIeDTX2PjqtlIy35D74vT9Js6HlD6

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
2596	TempÇý¶¯°²×°.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/files/0x0007000000023305-5.dat	upx
behavioral2/memory/2596-7-0x0000000000400000-0x000000000084A000-memory.dmp	upx
behavioral2/memory/2596-10-0x0000000000400000-0x000000000084A000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe
232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe
232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe
232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe
232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe
232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe
232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe
2596	TempÇý¶¯°²×°.exe
2596	TempÇý¶¯°²×°.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 2596	232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe	83
PID 232 wrote to memory of 2596	232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe	83
PID 232 wrote to memory of 2596	232	3df9d097dca6251f1db07bf42785b4bd_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\TempÇý¶¯°²×°.exe

Filesize
4.0MB

MD5
0eb708bd27e733a76d0a15415ffcaa35

SHA1
e6b60b66462034ba329b6b7bb2f7c2c157758674

SHA256
05375bf042c91d6164419d30e86ec5aee430360e948427bcb58e87413bc3a433

SHA512
8b032fb189cc2d897ac9d257567c34cd8f7918acde8bd3249d601681ebfdbdbd1f883528b50c3dfeb88bfe240ceb87d5bf9429ba2ba1b0f4bdbbadc5ac8e7462

Download Submit
memory/232-0-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/232-1-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/232-9-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/232-8-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/232-12-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/232-11-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/232-13-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/232-14-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/2596-7-0x0000000000400000-0x000000000084A000-memory.dmp

Filesize
4.3MB

Download
memory/2596-10-0x0000000000400000-0x000000000084A000-memory.dmp

Filesize
4.3MB

Download