3f204ca33772029e5061817dd54f93f37a86e6106dcf30a73c4da9a0f6336a09

Analysis

max time kernel
150s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
Size

450KB
MD5

0e1719c72e3578ddc7b993186a39b49d
SHA1

31cdcd89bd5e5ac842e93b32fcd1c5bc8b8b194e
SHA256

3f204ca33772029e5061817dd54f93f37a86e6106dcf30a73c4da9a0f6336a09
SHA512

5f97530625cc0bab9a746472c705c7ccdfee73e13c8445faa1800b0827f6d462b34f77e22f3498ef086952802ca83a7768734547608a9861ceb29ff6c6b00247
SSDEEP

12288:qes+YI7gmVfY5wUWms+1qK6x+vF4GbYc:nermOWzqcx+FLY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3032-2-0x0000000000400000-0x000000000047A000-memory.dmp	upx

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\5761b2dc-ce77-4bfa-b965-6f33b1867cf2	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
3032	0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0e1719c72e3578ddc7b993186a39b49d_JaffaCakes118.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3032-0-0x0000000002280000-0x00000000022E6000-memory.dmp

Filesize
408KB

Download
memory/3032-1-0x0000000000474000-0x000000000047A000-memory.dmp

Filesize
24KB

Download
memory/3032-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/3032-4-0x0000000002280000-0x00000000022E6000-memory.dmp

Filesize
408KB

Download