Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 09:06

General

  • Target

    a4c5cb4b71b1f3ba561f6a5211f52993_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    a4c5cb4b71b1f3ba561f6a5211f52993

  • SHA1

    245ff1f891b632137638b50852de30750661e513

  • SHA256

    d839e399e59f11ec62be7d07c645b668d98a2eb8c0fdb2b0046a77c61d5fdc7f

  • SHA512

    1029d9c871eaf4a5ae7d256a21f1fe3b6465da734ccc1e3d41acbd8ef1ac06cec0ff40abb7028019db01f0683fc6adba29354049b6c600087f088fade2e4fac9

  • SSDEEP

    24576:FA/ecV0GS7MBqCqKs6GoBzFZM+wD2C+8piWtP5Slx+k9gJ4jRG3hv+O207VUpGDo:FIdKGS7MBq4s6GK+NMx+keiihv+A7VU7

Score
7/10 (upx)

Malware Config

Signatures

  • UPX packed file (5 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4c5cb4b71b1f3ba561f6a5211f52993_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a4c5cb4b71b1f3ba561f6a5211f52993_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1700

Network

MITRE ATT&CK Matrix


Downloads

  Memory dump                                                       Filesize
  memory/1700-0-0x0000000000400000-0x00000000007FB000-memory.dmp    4.0MB
  memory/1700-1-0x00000000001C0000-0x00000000001C1000-memory.dmp    4KB
  memory/1700-2-0x0000000000400000-0x00000000007FB000-memory.dmp    4.0MB
  memory/1700-3-0x00000000037B0000-0x00000000037B1000-memory.dmp    4KB
  memory/1700-4-0x0000000000400000-0x00000000007FB000-memory.dmp    4.0MB
  memory/1700-5-0x0000000000400000-0x00000000007FB000-memory.dmp    4.0MB
  memory/1700-6-0x00000000001C0000-0x00000000001C1000-memory.dmp    4KB
  memory/1700-7-0x0000000000400000-0x00000000007FB000-memory.dmp    4.0MB
  memory/1700-8-0x00000000037B0000-0x00000000037B1000-memory.dmp    4KB