b936f2998c18d2e72ea415e241ee07198e24689802ab6cbe1ef17c2f5bf9a95e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 08:32

Target

254a1cdab22ca09b68a10c57824c14df_JaffaCakes118.exe
Size

80KB
MD5

254a1cdab22ca09b68a10c57824c14df
SHA1

78e7065c368dfd6439fa9f954ed122dedd7c60aa
SHA256

b936f2998c18d2e72ea415e241ee07198e24689802ab6cbe1ef17c2f5bf9a95e
SHA512

ec5dc98fa9d28e9c4ed2751339f080d6a564b85c7328381a275d90f3fcde7588589091c1d06b4e2f1aff00385010e9165ded3c1951ca9dd4ebf7ad1d2ecb47eb
SSDEEP

1536:FAX19Dr/+wEsQX5F9Ra40WOENFHkYAa3WlLY/hVhc0ts1Ledo6C9u3iNYmtMSrHh:FADzDQJTRaWNFbzWlcDCk26CQiNztMSF

Score

7^/10

aspackv2 upx

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
behavioral1/files/0x00350000000148ac-6.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1700	0101424741832

Loads dropped DLL 1 IoCs

pid	Process
2228	254a1cdab22ca09b68a10c57824c14df_JaffaCakes118.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2228-0-0x0000000000400000-0x000000000042C000-memory.dmp	upx
behavioral1/memory/2228-10-0x0000000000310000-0x0000000000330000-memory.dmp	upx
behavioral1/memory/2228-14-0x0000000000400000-0x000000000042C000-memory.dmp	upx
behavioral1/memory/2228-25-0x0000000000400000-0x000000000042C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1700	2228	254a1cdab22ca09b68a10c57824c14df_JaffaCakes118.exe	28
PID 2228 wrote to memory of 1700	2228	254a1cdab22ca09b68a10c57824c14df_JaffaCakes118.exe	28
PID 2228 wrote to memory of 1700	2228	254a1cdab22ca09b68a10c57824c14df_JaffaCakes118.exe	28
PID 2228 wrote to memory of 1700	2228	254a1cdab22ca09b68a10c57824c14df_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\254a1cdab22ca09b68a10c57824c14df_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\254a1cdab22ca09b68a10c57824c14df_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\0101424741832
  C:\Users\Admin\AppData\Local\Temp\0101424741832 "http://85.255.121.125/inwithmess.bin"
  2⤵
  - Executes dropped EXE
  PID:1700

C:\Users\Admin\AppData\Local\Temp\0101424741832

Filesize
42KB

MD5
45ec396852c5737abad05dd185b3a184

SHA1
5c097ba12ec1c2f03228650af17e39c1a5e8faf1

SHA256
ea9e3c99b1c781150aa935c3e3a3d8282ac9d5381abc77ead250db9d922a4c8d

SHA512
c5502735b81d8f177358c3198db296bb030d48e0907f0506e7846e4d0424929e2e0fa3818de7f86941ac9b0022bf0bdfd1093dd67a9ecdf8aae2774ad20dab60

Download Submit
memory/1700-13-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1700-15-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1700-22-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2228-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2228-10-0x0000000000310000-0x0000000000330000-memory.dmp

Filesize
128KB

Download
memory/2228-14-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2228-25-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download