2fd8f690fbcf45894623d48690a6b2d57a7a1d369fa72077235d807f14be3e52

Analysis

max time kernel
42s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 17:05

Target

259cfcac8af76f072c9436ae71180dc1_JaffaCakes118.exe
Size

133KB
MD5

259cfcac8af76f072c9436ae71180dc1
SHA1

5595f51e1dad1a2637e4b29c274a5e8fd1c1a336
SHA256

2fd8f690fbcf45894623d48690a6b2d57a7a1d369fa72077235d807f14be3e52
SHA512

f3ebfe73952e6070a0972e8ca61b7e96170982f5607b8f81b6e4c59e73d82fc567264df0688419b4658807d4c7aed8395c795cacdd444d040412ddf3da445120
SSDEEP

3072:qFxA8Q/cxjDXa6JRSxMi1M5Eb7hKuL9vpkVX+yBlS/Q:qFScPXa6SakJpk0wlS/Q

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2128	259cfcac8af76f072c9436ae71180dc1_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2128	259cfcac8af76f072c9436ae71180dc1_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4412-0-0x0000000000400000-0x0000000000486000-memory.dmp	upx
behavioral2/files/0x00080000000233d9-13.dat	upx
behavioral2/memory/2128-15-0x0000000000400000-0x0000000000486000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4412	259cfcac8af76f072c9436ae71180dc1_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4412	259cfcac8af76f072c9436ae71180dc1_JaffaCakes118.exe
2128	259cfcac8af76f072c9436ae71180dc1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 2128	4412	259cfcac8af76f072c9436ae71180dc1_JaffaCakes118.exe	81
PID 4412 wrote to memory of 2128	4412	259cfcac8af76f072c9436ae71180dc1_JaffaCakes118.exe	81
PID 4412 wrote to memory of 2128	4412	259cfcac8af76f072c9436ae71180dc1_JaffaCakes118.exe	81

C:\Users\Admin\AppData\Local\Temp\259cfcac8af76f072c9436ae71180dc1_JaffaCakes118.exe

Filesize
133KB

MD5
92fe093d3afcfcf4fcbee958e01efc27

SHA1
5ad42b26a1599f34316f1d85c70c4d644e13b2a4

SHA256
ace4fca2a517324487adcdd7ea0ef0c14c3f85a9d8f1a5ff13cb4cd6f42b2dfd

SHA512
e5f627812eb95776b35a0f53149dd8944279a99dab2828146d896fb4a7520deb3fbef3cdafaf86dd8e950a882038d8f9033dee05ed04656d97fa768f82621a3f

Download Submit
memory/2128-15-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2128-22-0x00000000000D0000-0x00000000000F1000-memory.dmp

Filesize
132KB

Download
memory/2128-16-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2128-23-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2128-24-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4412-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4412-1-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4412-7-0x00000000001C0000-0x00000000001E1000-memory.dmp

Filesize
132KB

Download
memory/4412-14-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download