802ce91f7f2c5e812790bdf2bc17ca26f334706b9866f76492fabbd6ed485a39

Analysis

max time kernel
41s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 17:24

Target

1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe
Size

147KB
MD5

1bdd2459037276d938ff18588fc56211
SHA1

7c48584906172d0a505aa5dbe7cb8365181b4e79
SHA256

802ce91f7f2c5e812790bdf2bc17ca26f334706b9866f76492fabbd6ed485a39
SHA512

f00efb0fd774f5eb0e7c084725a636e6681b0ac168ea00414d188f02d3827a3c4f33e2e0410ca2d5e4029b88237068d9ca86d94c1a1e3ef035035111a0855580
SSDEEP

3072:OVVlVgfJjcBsoSkuUmVkAOkDz3CXd3TFtrBMAyEel:OVL+RjCAkLgkAOyzq/rBMAyn

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1880-0-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral2/memory/1880-7-0x0000000000400000-0x0000000000438000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1880 set thread context of 1752	1880	1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe	81

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 1752	1880	1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe	81
PID 1880 wrote to memory of 1752	1880	1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe	81
PID 1880 wrote to memory of 1752	1880	1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe	81
PID 1880 wrote to memory of 1752	1880	1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe	81
PID 1880 wrote to memory of 1752	1880	1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe	81
PID 1880 wrote to memory of 1752	1880	1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe	81
PID 1880 wrote to memory of 1752	1880	1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe	81
PID 1880 wrote to memory of 1752	1880	1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe	81

C:\Users\Admin\AppData\Local\Temp\1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Users\Admin\AppData\Local\Temp\1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\1bdd2459037276d938ff18588fc56211_JaffaCakes118.exe
  2⤵
  PID:1752

memory/1752-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1752-8-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1752-6-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1752-10-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1752-9-0x0000000000430000-0x00000000004F9000-memory.dmp

Filesize
804KB

Download
memory/1880-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/1880-1-0x0000000000A20000-0x0000000000A44000-memory.dmp

Filesize
144KB

Download
memory/1880-7-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download