ece6044b8d810986142415e350ee50e242bfe2f94accb4f1b6a40c27741f5f04

Analysis

max time kernel
94s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 12:04

Target

22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe
Size

55KB
MD5

22566cff71ac756508f759eb00a8d58e
SHA1

4c7a09af72585a84d2aede250311423b63275d7d
SHA256

ece6044b8d810986142415e350ee50e242bfe2f94accb4f1b6a40c27741f5f04
SHA512

e743d2935ed63bc06e0a1d48c79d3f2b75af4b938fdb200178d2c05ae67dd7daae4764f95e06da985afd3ff06afa7d3d446d103f3e4c8630ae8041a68b154f50
SSDEEP

1536:MYq/QA2zgwBsO/VmLsfgGdgrFaDyfhoPTJRTT:wMmug0grFam4JRn

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2520-0-0x0000000013140000-0x0000000013353000-memory.dmp	upx
behavioral2/memory/2520-2-0x0000000013140000-0x0000000013353000-memory.dmp	upx
behavioral2/memory/2520-5-0x0000000013140000-0x0000000013353000-memory.dmp	upx
behavioral2/memory/2520-6-0x0000000013140000-0x0000000013353000-memory.dmp	upx
behavioral2/memory/2520-7-0x0000000013140000-0x0000000013353000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2028 set thread context of 2520	2028	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe	80

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2520	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe
2520	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2520	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2520	2028	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe	80
PID 2028 wrote to memory of 2520	2028	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe	80
PID 2028 wrote to memory of 2520	2028	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe	80
PID 2028 wrote to memory of 2520	2028	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe	80
PID 2028 wrote to memory of 2520	2028	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe	80
PID 2520 wrote to memory of 4116	2520	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe	81
PID 2520 wrote to memory of 4116	2520	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe	81
PID 2520 wrote to memory of 4116	2520	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe	81
PID 2520 wrote to memory of 3516	2520	22566cff71ac756508f759eb00a8d58e_JaffaCakes118.exe	56

memory/2028-3-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2520-0-0x0000000013140000-0x0000000013353000-memory.dmp

Filesize
2.1MB

Download
memory/2520-2-0x0000000013140000-0x0000000013353000-memory.dmp

Filesize
2.1MB

Download
memory/2520-5-0x0000000013140000-0x0000000013353000-memory.dmp

Filesize
2.1MB

Download
memory/2520-6-0x0000000013140000-0x0000000013353000-memory.dmp

Filesize
2.1MB

Download
memory/2520-7-0x0000000013140000-0x0000000013353000-memory.dmp

Filesize
2.1MB

Download