0ed2bdc8c6321cabb7b918b132a01cc9f8ea96badf6bf6bc00728c25353306ce

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 18:24

Target

1c09f129cbaadcb2a830c29b137db21d_JaffaCakes118.exe
Size

1.2MB
MD5

1c09f129cbaadcb2a830c29b137db21d
SHA1

9f4ead39c54820880191490b825bd355c961a591
SHA256

0ed2bdc8c6321cabb7b918b132a01cc9f8ea96badf6bf6bc00728c25353306ce
SHA512

e4391b6d5734c773d8c47f41dc7e1c52eeb282bd0995e2e28f5d82f865745dca0371bf553c8ee539ba986569f15644dbfe2e2b9f44ccd19646a657018b71d828
SSDEEP

24576:4ozWSCigAmAN03cKw0NpxEprwa6BMKhDgZs1RHYI65ayrPvJLlqmavq:6pHnAasmEWrhDtzHQPRLlCC

Score

7^/10

themida

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
behavioral1/memory/2036-4-0x0000000000400000-0x000000000065D02E-memory.dmp	themida
behavioral1/memory/2036-6-0x0000000000400000-0x000000000065D02E-memory.dmp	themida

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2036	1c09f129cbaadcb2a830c29b137db21d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1c09f129cbaadcb2a830c29b137db21d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1c09f129cbaadcb2a830c29b137db21d_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2036

memory/2036-1-0x0000000000660000-0x000000000074A000-memory.dmp

Filesize
936KB

Download
memory/2036-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2036-2-0x0000000000401000-0x0000000000408000-memory.dmp

Filesize
28KB

Download
memory/2036-4-0x0000000000400000-0x000000000065D02E-memory.dmp

Filesize
2.4MB

Download
memory/2036-5-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2036-6-0x0000000000400000-0x000000000065D02E-memory.dmp

Filesize
2.4MB

Download