9df8be0b257075a8b0d55b10fe71ca59e92fe6ead650e2deb2e7e805016cd043

Analysis

max time kernel
134s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 04:59

Target

18dc6bdcb5c36de68839304c2a81e000_JaffaCakes118.exe
Size

918KB
MD5

18dc6bdcb5c36de68839304c2a81e000
SHA1

bd4404955256239e5cb1b37672b0d9511ae12333
SHA256

9df8be0b257075a8b0d55b10fe71ca59e92fe6ead650e2deb2e7e805016cd043
SHA512

74fbe1532e6b63edad6a803c46909dc1cdbf529dc22656528134100e03592338d21ca508db3e4957b75854730febc221fc0cd29def77b8c808208914d17385a8
SSDEEP

12288:1nLed8niQBIzo5zOmTU6oGo7dBOTOLJc20n346f4Na+opkmTU6oGo7dBOTOLJcM:AGiQezovTFoGohUR0lYTFoGohUi

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3436	18dc6bdcb5c36de68839304c2a81e000_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3436	18dc6bdcb5c36de68839304c2a81e000_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3008-0-0x0000000000400000-0x00000000004E0000-memory.dmp	upx
behavioral2/files/0x000600000002329a-12.dat	upx
behavioral2/memory/3436-14-0x0000000000400000-0x00000000004E0000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3008	18dc6bdcb5c36de68839304c2a81e000_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3008	18dc6bdcb5c36de68839304c2a81e000_JaffaCakes118.exe
3436	18dc6bdcb5c36de68839304c2a81e000_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 3436	3008	18dc6bdcb5c36de68839304c2a81e000_JaffaCakes118.exe	84
PID 3008 wrote to memory of 3436	3008	18dc6bdcb5c36de68839304c2a81e000_JaffaCakes118.exe	84
PID 3008 wrote to memory of 3436	3008	18dc6bdcb5c36de68839304c2a81e000_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\18dc6bdcb5c36de68839304c2a81e000_JaffaCakes118.exe

Filesize
918KB

MD5
3286443c6623a5ee4352795a5cf26dc7

SHA1
b05fa1019ff4419aa7680fc70be903ccb0350ad2

SHA256
6900e7993462b61192aa733d80af175cda3b4d332c5b69dc0fa0af40e1a4dd07

SHA512
10c907e75bbe7b3a4ea5f7cdb0eff6689e338efd1d26702ec495b46a568506ca948dacfb0e7453bb723ed9e853384cc72cdf97371c526abb91aba23867426ee6

Download Submit
memory/3008-0-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3008-1-0x00000000015F0000-0x0000000001621000-memory.dmp

Filesize
196KB

Download
memory/3008-2-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3008-13-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3436-15-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3436-21-0x00000000014E0000-0x0000000001511000-memory.dmp

Filesize
196KB

Download
memory/3436-14-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3436-35-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download