151eae0b7e15db3b1e03abd3c3d22d2b3f3e3c97bb028ab5475d7c584a8fc160

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
Size

133KB
MD5

248046ab925cc86b8deb8db554850ea1
SHA1

a255a6d9dbb308a33ceda5a09a32f14a43461745
SHA256

151eae0b7e15db3b1e03abd3c3d22d2b3f3e3c97bb028ab5475d7c584a8fc160
SHA512

a915b2fe1fec77a6e0e6c375ab487748712e371556f893f09ee4a250298b34ad72d186f611d3b5487c4ddc5c17a6d2b7e4e15b166d299f0b928d1add964c8f63
SSDEEP

1536:TeNFrlTvbbVladlSgUG2+f2WTt9fpOQLgPui6M0vtKQOLw/2Nj:sRnYlVV2+f2IjpgmiRcAQzU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3108-18-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\8xuuEFl	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\a1PWcH	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\k1atV	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\nJtf64j	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\oHjigD3tfi	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\8UHe2P	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\FtuUKI7tLO	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\dVgu63	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\tfHvVM	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\oemKQGlTS	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\bMgNPtp6	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\XJ5lf4C	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\Sg8JQhcb	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\sGVbix	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\mYDaRfcd	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\CVkCg6GGje	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\tNbbFn	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\Iul4M	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\2Qvsv	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\hkwRCVmf3P	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\SL4Gxd	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\sXQAwehfl	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\mrq5K4P	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\bnGVMejdQS	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\eDFchX7Gu	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\Mv8FNpV2hK	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\dWmqNQboc	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\GcCSso	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\pA8P1O	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\Gniqh2	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\OmW4hGUmrl	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\VfboROYGFY	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\WXtYjgGvWB	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\1cUWTTc4e	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\NxQK1	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\r7WdPkmtN	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\SnAF2h	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\VQjKpNoC	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\Y4uGYpB	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\hwvfAj	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\pyxFWS2S	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\7msMUWiACu	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\csaYl7Vra4	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\WtQPnivy6	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\gUu2n5	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\DGweBm	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\l2X358N	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\7TtKhaDt2e	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\GDfBH3qm	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\RCLHfsoVKo	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\5pmmsMdNFo	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\lnE1ok7SVo	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\74eKv	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\wkxxch3S	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\W2CS2	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\dTU6n3qcO	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\T8X7Pr8	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\qRgYu374	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\1euCH41Y2	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\4IWYB	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\1Vi1Y22E	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\eVOOvF	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\aPGWPE	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
File opened for modification	C:\Windows\5hJOk1N	248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3368	3108	WerFault.exe	80

C:\Users\Admin\AppData\Local\Temp\248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\248046ab925cc86b8deb8db554850ea1_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:3108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 220
  2⤵
  - Program crash
  PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3108 -ip 3108
1⤵
PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3108-18-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3108-74-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads