46ace6d67188577c7fccf74fc799294f1d23389ddb22f883a96938e9b9d657f2

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 17:07

Target

16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
Size

56KB
MD5

16ce218ffe33f5e92083627685528426
SHA1

704844d1e5d0f3585d74f43e2d3d1c9362272cf5
SHA256

46ace6d67188577c7fccf74fc799294f1d23389ddb22f883a96938e9b9d657f2
SHA512

d31e0631547a2504b4696a37f8b3ff38f011ca1792d7284272176ba20f49f210fd92af40db77b6c04233f0ce21ee00c5ee5b9b71cf8bbb430b5462df22e9752d
SSDEEP

1536:QrLbZnmND6dlgbSOb8MQ7eVeOQ5Rg2+EBf8Hj2:QrPRmF6fgbTQ7CRW+2+Eh8Hj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2360	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2360	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
1792	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1792-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000e0000000126b8-10.dat	upx
behavioral1/memory/2360-17-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1792	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1792	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
2360	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2360	1792	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe	29
PID 1792 wrote to memory of 2360	1792	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe	29
PID 1792 wrote to memory of 2360	1792	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe	29
PID 1792 wrote to memory of 2360	1792	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe	29

\Users\Admin\AppData\Local\Temp\16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

Filesize
56KB

MD5
56315b46b303f0408f219d3a8566b09c

SHA1
eee8e2eb9841b363f83b5b79a63389d20eb9f299

SHA256
22e640780b420daad9603097a5c0cb0df34caa345d14ec36455c19a142f59f1e

SHA512
ab6f557cb675895baed44d383e35a312b734876a53c6742926eddd3f0686751961a8b09d9be19dc5954a0740668ed841391a0cb8dce8db1622389b5069a2bfe2

Download Submit
memory/1792-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1792-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1792-9-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/1792-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1792-16-0x00000000001E0000-0x000000000021A000-memory.dmp

Filesize
232KB

Download
memory/2360-17-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2360-18-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2360-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2360-29-0x0000000000170000-0x000000000018B000-memory.dmp

Filesize
108KB

Download
memory/2360-28-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2360-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download