d1b61efec101357e17ff70f1b7fb937fcea4a4c73ef24d77ed2a484315186c86

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 23:23

Target

507385b76cdd9b6eb66bd848d5f610e7JaffaCakes118.exe
Size

401KB
MD5

507385b76cdd9b6eb66bd848d5f610e7
SHA1

d42e38e87d70ea197415b25dbcb06c107b7d74b8
SHA256

d1b61efec101357e17ff70f1b7fb937fcea4a4c73ef24d77ed2a484315186c86
SHA512

311aeb502cbcf59beda5f033a9e85dfa1afb2a0d16c90e200c4c1d846ccb46ea5c3b0df69abfee6c2dacfc51ee43e566f8c1bab8a1680e5d8243b5d54dd9c7ff
SSDEEP

6144:aVmt78kc9NuzrYyyTZC9e2HyTkZtOiV64cYl5gR8O2VRrhZMYXPo3:aQJ8ZYyTZ92HyTpiV67bRiZvPM

Score

7^/10

agilenet

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

resource	yara_rule
behavioral1/memory/1992-7-0x00000000009A0000-0x00000000009AA000-memory.dmp	agile_net

Program crash 1 IoCs

pid	pid_target	Process	procid_target
800	1992	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	507385b76cdd9b6eb66bd848d5f610e7JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 800	1992	507385b76cdd9b6eb66bd848d5f610e7JaffaCakes118.exe	30
PID 1992 wrote to memory of 800	1992	507385b76cdd9b6eb66bd848d5f610e7JaffaCakes118.exe	30
PID 1992 wrote to memory of 800	1992	507385b76cdd9b6eb66bd848d5f610e7JaffaCakes118.exe	30
PID 1992 wrote to memory of 800	1992	507385b76cdd9b6eb66bd848d5f610e7JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\507385b76cdd9b6eb66bd848d5f610e7JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\507385b76cdd9b6eb66bd848d5f610e7JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 932
  2⤵
  - Program crash
  PID:800

memory/1992-0-0x000000007443E000-0x000000007443F000-memory.dmp

Filesize
4KB

Download
memory/1992-1-0x0000000000C20000-0x0000000000C8A000-memory.dmp

Filesize
424KB

Download
memory/1992-2-0x0000000000740000-0x0000000000770000-memory.dmp

Filesize
192KB

Download
memory/1992-3-0x0000000074430000-0x0000000074B1E000-memory.dmp

Filesize
6.9MB

Download
memory/1992-4-0x000000007443E000-0x000000007443F000-memory.dmp

Filesize
4KB

Download
memory/1992-5-0x0000000000510000-0x0000000000518000-memory.dmp

Filesize
32KB

Download
memory/1992-6-0x0000000000520000-0x000000000052E000-memory.dmp

Filesize
56KB

Download
memory/1992-7-0x00000000009A0000-0x00000000009AA000-memory.dmp

Filesize
40KB

Download
memory/1992-8-0x0000000074430000-0x0000000074B1E000-memory.dmp

Filesize
6.9MB

Download