6edeab951e9620095aea89a7df0d42d4d1a49318704923ae83e70c2cf45b944c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10-06-2024 16:51

Target

9b5e0df2e1193e3e27ecc7347708fcda_JaffaCakes118.exe
Size

453KB
MD5

9b5e0df2e1193e3e27ecc7347708fcda
SHA1

77b66e1535b0d32e247ff24b3cbeb3b4545be4de
SHA256

6edeab951e9620095aea89a7df0d42d4d1a49318704923ae83e70c2cf45b944c
SHA512

0ea6e50c323f2f702261e9e935a6a34ee07b0dc761e38c5653c32a52c44a24d5fbea87f5a7241da47f6380859e3bc96f192aedb0c8935d2babf07e849ba5d402
SSDEEP

12288:wIfbXwGiNqcBPgrZhVCPATOGLOz8dHKNbPyne4l:Ffbw5BPAzx

Score

7^/10

agilenet

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Processes:

resource	yara_rule
behavioral1/memory/2064-4-0x0000000000650000-0x00000000006B6000-memory.dmp	agile_net

C:\Users\Admin\AppData\Local\Temp\9b5e0df2e1193e3e27ecc7347708fcda_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9b5e0df2e1193e3e27ecc7347708fcda_JaffaCakes118.exe"
1⤵
PID:2064

memory/2064-0-0x00000000748AE000-0x00000000748AF000-memory.dmp

Filesize
4KB

Download
memory/2064-1-0x00000000001A0000-0x0000000000218000-memory.dmp

Filesize
480KB

Download
memory/2064-2-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2064-3-0x00000000748A0000-0x0000000074F8E000-memory.dmp

Filesize
6.9MB

Download
memory/2064-4-0x0000000000650000-0x00000000006B6000-memory.dmp

Filesize
408KB

Download
memory/2064-5-0x0000000000330000-0x0000000000346000-memory.dmp

Filesize
88KB

Download
memory/2064-6-0x00000000748A0000-0x0000000074F8E000-memory.dmp

Filesize
6.9MB

Download