198d305c2f7021512efd7ff5128c118708f18a8c1c66e72f80cd3c8d8af9572b

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 07:55

Target

195be955b11366a378e3ff0e148ba08b_JaffaCakes118.exe
Size

100KB
MD5

195be955b11366a378e3ff0e148ba08b
SHA1

5d25cfac1ab2b00608015356980f555abfa6cd2b
SHA256

198d305c2f7021512efd7ff5128c118708f18a8c1c66e72f80cd3c8d8af9572b
SHA512

12ef6f312fdfb03f026337443bf9b223af288acff46d249d1a23ede01c4d8626e62243addb9c2cfd4629c22a497419eaf9beacf839fbfba4e7411981c6f50f5c
SSDEEP

3072:jhghlgZVb8mveRItxlNmk4NKBo/EEevGAOWbEuU5:8gZ+R6ac

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2248-0-0x0000000000400000-0x0000000000445000-memory.dmp	upx
behavioral1/memory/2248-2-0x0000000000400000-0x0000000000445000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 1520	2248	195be955b11366a378e3ff0e148ba08b_JaffaCakes118.exe	28
PID 2248 wrote to memory of 1520	2248	195be955b11366a378e3ff0e148ba08b_JaffaCakes118.exe	28
PID 2248 wrote to memory of 1520	2248	195be955b11366a378e3ff0e148ba08b_JaffaCakes118.exe	28
PID 2248 wrote to memory of 1520	2248	195be955b11366a378e3ff0e148ba08b_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\195be955b11366a378e3ff0e148ba08b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\195be955b11366a378e3ff0e148ba08b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1520

memory/2248-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2248-2-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download