b86a1b0d9fa058fc381518c5759e6cdee7bd4739fa2dfe0b15e160c6bf7b355c

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 18:07

Target

088040bf7ec08aede99c4094acbca007_JaffaCakes118.exe
Size

192KB
MD5

088040bf7ec08aede99c4094acbca007
SHA1

8016843d9ff4270e9ba9661cca07797cb167f9da
SHA256

b86a1b0d9fa058fc381518c5759e6cdee7bd4739fa2dfe0b15e160c6bf7b355c
SHA512

642ab27fe7995d4495f643e1ba7c687bead7292efc79a990bcd302d1c48e57d3ab21ca9b99f80735fb6b55bb6be7171b999ea2ab0f72c45d9d74eea300e99170
SSDEEP

6144:/qknyubREh99VbXlvYY6lw1ogcdCltYd7:/qk/bkVRvYT6ltm7

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3036-0-0x0000000000400000-0x000000000043E000-memory.dmp	upx
behavioral1/memory/3036-2-0x0000000000230000-0x000000000025B000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3036	088040bf7ec08aede99c4094acbca007_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2872	3036	088040bf7ec08aede99c4094acbca007_JaffaCakes118.exe	28
PID 3036 wrote to memory of 2872	3036	088040bf7ec08aede99c4094acbca007_JaffaCakes118.exe	28
PID 3036 wrote to memory of 2872	3036	088040bf7ec08aede99c4094acbca007_JaffaCakes118.exe	28
PID 3036 wrote to memory of 2872	3036	088040bf7ec08aede99c4094acbca007_JaffaCakes118.exe	28
PID 3036 wrote to memory of 2872	3036	088040bf7ec08aede99c4094acbca007_JaffaCakes118.exe	28
PID 3036 wrote to memory of 2872	3036	088040bf7ec08aede99c4094acbca007_JaffaCakes118.exe	28
PID 3036 wrote to memory of 2872	3036	088040bf7ec08aede99c4094acbca007_JaffaCakes118.exe	28

memory/2872-5-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/2872-4-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/2872-8-0x0000000000580000-0x0000000000588000-memory.dmp

Filesize
32KB

Download
memory/2872-7-0x0000000000582000-0x0000000000583000-memory.dmp

Filesize
4KB

Download
memory/3036-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3036-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/3036-2-0x0000000000230000-0x000000000025B000-memory.dmp

Filesize
172KB

Download
memory/3036-3-0x0000000000290000-0x00000000002A4000-memory.dmp

Filesize
80KB

Download
memory/3036-6-0x0000000000290000-0x00000000002A4000-memory.dmp

Filesize
80KB

Download