d901a42924210d83062b72fe8898c66ceab91b653207238cfc1ab6a899d11355

Analysis

max time kernel
136s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 09:35

Target

1ac9f25b114305a80b9da5b3c0a15faf_JaffaCakes118.exe
Size

266KB
MD5

1ac9f25b114305a80b9da5b3c0a15faf
SHA1

3f70461509f47bdce691e10c1ad97081c41bc466
SHA256

d901a42924210d83062b72fe8898c66ceab91b653207238cfc1ab6a899d11355
SHA512

33ddc3134c5d85c71e088a1c85d3a323799c6e77fb8ab1fe09ab76f5abea553d098c475f8176c7ce1c36d217c5cf9dbe71d288679f29afee3c8c97de6bacc852
SSDEEP

6144:gkHJvGI15HUoqEjOF85ecHgPH7lIkwsOqAbK1OKWeXw7Oh8KgPWosuSbQ:gkpH5xqEjB5eDReiWwEc8KgPW/9s

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3824	1ac9f25b114305a80b9da5b3c0a15faf_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3824	1ac9f25b114305a80b9da5b3c0a15faf_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4656-0-0x0000000000400000-0x0000000000486000-memory.dmp	upx
behavioral2/files/0x00080000000234ea-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4656	1ac9f25b114305a80b9da5b3c0a15faf_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4656	1ac9f25b114305a80b9da5b3c0a15faf_JaffaCakes118.exe
3824	1ac9f25b114305a80b9da5b3c0a15faf_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 3824	4656	1ac9f25b114305a80b9da5b3c0a15faf_JaffaCakes118.exe	93
PID 4656 wrote to memory of 3824	4656	1ac9f25b114305a80b9da5b3c0a15faf_JaffaCakes118.exe	93
PID 4656 wrote to memory of 3824	4656	1ac9f25b114305a80b9da5b3c0a15faf_JaffaCakes118.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4112,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:8
1⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\1ac9f25b114305a80b9da5b3c0a15faf_JaffaCakes118.exe

Filesize
266KB

MD5
61fdb9c9cc0f3d723183a4904df983f1

SHA1
3b30b4972760e44e87b2cc78b6cfaedb554b45f7

SHA256
5974ffb5e6bc8663c3ea68e7f4fed70d599556e95e601ec8be772df658eef5cf

SHA512
20c39bc9176fd2959c076c9ccfdc930872a71b76e8f63898950afb0e70aba9db606d5de3a0cad478a4b81dfa36a57bb98c50bc062bde6d9c15a848be1d24f334

Download Submit
memory/3824-15-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/3824-14-0x00000000001A0000-0x00000000001C1000-memory.dmp

Filesize
132KB

Download
memory/3824-16-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3824-35-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4656-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4656-1-0x00000000001D0000-0x00000000001F1000-memory.dmp

Filesize
132KB

Download
memory/4656-2-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4656-13-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download