0ff3f4dc4cdf08b680e50bea81faf6acff29c7e1523a5ecd464a6f68c93c3e7a

Analysis

max time kernel
150s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
Size

432KB
MD5

02035df408651c6f98dff1d10e18c524
SHA1

88d356d2082738c2a039d472de2aa8c19caf5e50
SHA256

0ff3f4dc4cdf08b680e50bea81faf6acff29c7e1523a5ecd464a6f68c93c3e7a
SHA512

eefae95e5d285b95ebc9279fda40eae50583557a585f8aa3c25e2ceb47c2f872bacaef8e73a4952f056b62d4db29a7698883d2ce9611ce7a89da71666b58471f
SSDEEP

12288:/T7p3u8LpUWUFlHGA1sn0lqSb1Z1fObCPm9qpy1x2H:rEhH+04SJZdOsm9P1x2H

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4400-1-0x0000000000400000-0x000000000047A000-memory.dmp	upx
behavioral2/memory/4400-2-0x0000000000400000-0x0000000000485000-memory.dmp	upx

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\5761b2dc-ce77-4bfa-b965-6f33b1867cf2	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
4400	02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02035df408651c6f98dff1d10e18c524_JaffaCakes118.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
PID:4400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4400-0-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/4400-1-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4400-2-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download