e42e9d75edc89e727602fa464f83d595559dc97d72afa6f3ee3848225c5e01e6

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 09:39

Target

868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe
Size

300KB
MD5

868e0c87faa8c1e099d1cc3d8929c4f3
SHA1

15025278945ba2f4e6a94d10b059520aef46e05c
SHA256

e42e9d75edc89e727602fa464f83d595559dc97d72afa6f3ee3848225c5e01e6
SHA512

7862b9c2bea1f60c8d61b9a0bb51a418b45a77caf8e21c271a9fd37b15de91287b78b08c988c9e1404a9c9f4ab89b6c29fd92df0a6cecd7a3ea3660579ef8038
SSDEEP

6144:pf0JqTsDBjpjbqrhJ2iqQ9qMpmnIYSAY4YTTrpqjCGWcGSnY5rQq:0Ljmrf2iqQRMIJAYVTrcjCGLnYv

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1544-4-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/1544-6-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/1544-7-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/1544-10-0x0000000000400000-0x0000000000411000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2276 set thread context of 1544	2276	868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1544	868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1544	2276	868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe	28
PID 2276 wrote to memory of 1544	2276	868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe	28
PID 2276 wrote to memory of 1544	2276	868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe	28
PID 2276 wrote to memory of 1544	2276	868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe	28
PID 2276 wrote to memory of 1544	2276	868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe	28
PID 2276 wrote to memory of 1544	2276	868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Users\Admin\AppData\Local\Temp\868e0c87faa8c1e099d1cc3d8929c4f3_JaffaCakes118.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1544

memory/1544-0-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1544-2-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1544-4-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1544-6-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1544-7-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1544-10-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download