a9be1032ab5ed90ccde91f2ee7da646a94b45b8f1e70d18db9ac1b3e285bcb55

Analysis

max time kernel
133s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 09:21

Target

256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
Size

2.7MB
MD5

256d778da00849eeaea46beeeec5f3e1
SHA1

49facd664bde8bdf8a4dbbb1a8dc54254b00d188
SHA256

a9be1032ab5ed90ccde91f2ee7da646a94b45b8f1e70d18db9ac1b3e285bcb55
SHA512

db3eb44340d9ab4fb9f46197922b8803781ad5339095f5b29138ab8a690de22103ed1070eef8405546c5cee7b57e3c1e700d8e404e080a4399172800e8da831c
SSDEEP

49152:Mp5ekf6GPvm6j7a2G51i7kLU8YffUHlliBPpbrnANxcLR9+33HtrCFaIwrym2gMr:uimv9j7a2KGPqiPdnA7KH+BCFaIwD2gi

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4652	256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4652	256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/560-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0005000000022f58-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
560	256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
560	256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
4652	256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 4652	560	256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe	83
PID 560 wrote to memory of 4652	560	256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe	83
PID 560 wrote to memory of 4652	560	256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe

Filesize
2.7MB

MD5
705637b96d202fa9e5d4b361416a15ca

SHA1
2f324f0b16525ff80bdf46177ceef81dfc633cd2

SHA256
f57d6811816d4373def41b8346a5645bb0b456afddba6625b63e5a7e91e99fb5

SHA512
ef66d9bc64c7081d67257d00b4f7b90c6b5ca9aa3071bdf36e1aed13402a6072437c5349aa04f360f7932d982c13b4b2c1b085430648389a253162b17944d0b6

Download Submit
memory/560-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/560-6-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/560-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/560-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4652-13-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4652-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4652-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4652-26-0x00000000046D0000-0x00000000048F2000-memory.dmp

Filesize
2.1MB

Download
memory/4652-12-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4652-39-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download