1e2977e1ed003816d03093f58785231f3eb99c1075157a19939c368f94f1128f

Analysis

max time kernel
53s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 16:33

Target

230e5fa318f11e6b3dce5a24b4777a33_JaffaCakes118.exe
Size

83KB
MD5

230e5fa318f11e6b3dce5a24b4777a33
SHA1

f3657f8fe3f3de406c52b49d93dbcf8c836e56a2
SHA256

1e2977e1ed003816d03093f58785231f3eb99c1075157a19939c368f94f1128f
SHA512

5987e373c6e6a596896822fb1112405027c66543388a3e5b6daae5e28477fea72c20569f765eaf81ac722bffe9c22b1de0cafc25b960ee08b6585381e360dfe5
SSDEEP

1536:RAcbyjNu7i+e7ITxF1WBWOH6wugCGLH+vY35jQJaU6GoqS:RAcENuvhT54WFw/hLH3pjQJaU6nF

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3412-0-0x0000000000400000-0x0000000000422000-memory.dmp	upx
behavioral2/memory/3412-2-0x0000000000400000-0x0000000000422000-memory.dmp	upx

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	230e5fa318f11e6b3dce5a24b4777a33_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\zwmwl\\command	230e5fa318f11e6b3dce5a24b4777a33_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	230e5fa318f11e6b3dce5a24b4777a33_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\zwmwl	230e5fa318f11e6b3dce5a24b4777a33_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\zwmwl	230e5fa318f11e6b3dce5a24b4777a33_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell	230e5fa318f11e6b3dce5a24b4777a33_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	230e5fa318f11e6b3dce5a24b4777a33_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\230e5fa318f11e6b3dce5a24b4777a33_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\230e5fa318f11e6b3dce5a24b4777a33_JaffaCakes118.exe"
1⤵
- Modifies registry class
PID:3412

memory/3412-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3412-2-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download