9907ce9968d5f35181f13b4ee76fb2682c1a6853384eb9f42b7f803a160d14ac

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 16:40

Target

09a71bb3264e091b9f59441cf92c0a52_JaffaCakes118.exe
Size

80KB
MD5

09a71bb3264e091b9f59441cf92c0a52
SHA1

51ac91b7c68841c59772a949d1dd8b3f8bbc82cb
SHA256

9907ce9968d5f35181f13b4ee76fb2682c1a6853384eb9f42b7f803a160d14ac
SHA512

41b41270e8b324f4d002c9a607dd851f59f1bdafb58341f327e6b9efba714dae77c6162711681eede821425cc90e91632613e7adab8051bb35093a80749287fe
SSDEEP

1536:djj5/JBZaEvhI7zSu7qe/pJoDYTJWbW18nVYRSnP3Kf9Nc:pFJzxI3FgiJgW1WSf7c

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1728-0-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1728-2-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell	09a71bb3264e091b9f59441cf92c0a52_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	09a71bb3264e091b9f59441cf92c0a52_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	09a71bb3264e091b9f59441cf92c0a52_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\imiob\\command	09a71bb3264e091b9f59441cf92c0a52_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	09a71bb3264e091b9f59441cf92c0a52_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\imiob	09a71bb3264e091b9f59441cf92c0a52_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\imiob	09a71bb3264e091b9f59441cf92c0a52_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\09a71bb3264e091b9f59441cf92c0a52_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\09a71bb3264e091b9f59441cf92c0a52_JaffaCakes118.exe"
1⤵
- Modifies registry class
PID:1728

memory/1728-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1728-2-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download