9051eec5d24a085599c21eb87b1631fa2ac5fd8cdc40c357d31ec3857fab4ff2

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 12:25

Target

15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe
Size

267KB
MD5

15ffca45b1f0869b32f23fc29d4cb5fa
SHA1

bbd3a10769ef45ba766480e58f97bef3d0114d8c
SHA256

9051eec5d24a085599c21eb87b1631fa2ac5fd8cdc40c357d31ec3857fab4ff2
SHA512

b91a26ec3b3c62ee2822a5a2da2037d88ec5b85845accafc7cef446f6cf9bb273884e6e6a33fa74207ddf769a3fa1078648b557640555cb4525dd4120532f103
SSDEEP

6144:SZC4d3lbxc6wU/UP+XhdMRFD3LAwektjoSwTBGH4l:r4dMRU/UP4heFjLDFtjoSwoa

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2952-0-0x0000000000400000-0x0000000000494000-memory.dmp	upx
behavioral1/memory/2952-17-0x0000000000400000-0x0000000000494000-memory.dmp	upx

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\blat.exe	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\blat.lib	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\blat.dll	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ip.bat	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\install.bat	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\admdll.dll	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe
File created	C:\Windows\raddrv.dll	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe
File created	C:\Windows\svchost.exe	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe
2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe
2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2648	2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2648	2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2648	2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2648	2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2648	2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2648	2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2648	2952	15ffca45b1f0869b32f23fc29d4cb5fa_JaffaCakes118.exe	28

C:\Windows\SysWOW64\install.bat

Filesize
214B

MD5
4abc5068ba7c472d2f4245de53bd16ca

SHA1
08fd5028330a1cdcfde2e14d487a1342f08596d1

SHA256
1c9ff524bb54ac0f4e292186327e8f4894e0e6cc56d0ac6b257e3a4bb714e822

SHA512
c8a47012055c47d975e6276c61f7c4380ea290664c76fa3cf0fbe0b28dd4488453e9dd177af36dc76f91c6503bbbf32da40cb7822155b3230b29566b906ecfe4

Download Submit
memory/2952-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2952-17-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download