46ace6d67188577c7fccf74fc799294f1d23389ddb22f883a96938e9b9d657f2

Analysis

max time kernel
133s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 17:07

Target

16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
Size

56KB
MD5

16ce218ffe33f5e92083627685528426
SHA1

704844d1e5d0f3585d74f43e2d3d1c9362272cf5
SHA256

46ace6d67188577c7fccf74fc799294f1d23389ddb22f883a96938e9b9d657f2
SHA512

d31e0631547a2504b4696a37f8b3ff38f011ca1792d7284272176ba20f49f210fd92af40db77b6c04233f0ce21ee00c5ee5b9b71cf8bbb430b5462df22e9752d
SSDEEP

1536:QrLbZnmND6dlgbSOb8MQ7eVeOQ5Rg2+EBf8Hj2:QrPRmF6fgbTQ7CRW+2+Eh8Hj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2976	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2976	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2760-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000800000002351e-11.dat	upx
behavioral2/memory/2976-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2760	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2760	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
2976	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2976	2760	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe	83
PID 2760 wrote to memory of 2976	2760	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe	83
PID 2760 wrote to memory of 2976	2760	16ce218ffe33f5e92083627685528426_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\16ce218ffe33f5e92083627685528426_JaffaCakes118.exe

Filesize
56KB

MD5
4521501338d500637f8c8712fb2f146a

SHA1
e9cd4d04b5d6f985639c1e6199e44369b6a66ab9

SHA256
c3970abb12d85a9333b3813a5794c397924d9f25dc3ac1f00c947782c59a93d1

SHA512
fd6a1794c1d5f476d4e9e3923c1b8a0c784069d4508b28eaad15ad47794bfe5b6c80454ebc5b7ce5b743282cb603aa69e0ab81441a77a6b4fea1f382458daae2

Download Submit
memory/2760-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2760-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2760-9-0x00000000001F0000-0x00000000001FE000-memory.dmp

Filesize
56KB

Download
memory/2760-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2976-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2976-14-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/2976-16-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2976-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2976-25-0x00000000014B0000-0x00000000014CB000-memory.dmp

Filesize
108KB

Download
memory/2976-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download