a30ed9a52bc72be95408af508c87be374fb70b41a692fcc8702cfc8b06bc9ba5

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
Size

387KB
MD5

1adf3fa4818ced94a9a0a38ff7a89bfc
SHA1

9e8f9190b7744d2aa52e9274d62f810e1b663914
SHA256

a30ed9a52bc72be95408af508c87be374fb70b41a692fcc8702cfc8b06bc9ba5
SHA512

87e90cdb3bf03cfcac659de1dfc34f2821194d1dc8eee47b78568e27e6347b8ee45ad45706aed1265ebe7ccb4032f993824cfce5cb34f419541c63785dfa2ea9
SSDEEP

12288:MwtVP17uq+pqx/Ud7ghjVGk2EHU0BzJUxMwlpVt+H2:MwtVP17uppK/6ght7nx+xl5n

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2164-0-0x0000000000400000-0x000000000047B000-memory.dmp	upx
behavioral1/memory/2164-1-0x0000000000400000-0x000000000047B000-memory.dmp	upx

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\5761b2dc-ce77-4bfa-b965-6f33b1867cf2	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
2164	1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1adf3fa4818ced94a9a0a38ff7a89bfc_JaffaCakes118.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2164-0-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/2164-1-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download