66dd55474c6cfd1daeaa22269a5675925532245e388ac3f781c54d2f79be8bb0

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 07:58

Target

27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe
Size

1.4MB
MD5

27d0dd27c89a60316e432f3011cf9df9
SHA1

bb87ce3eb550842491e0e8bbdc372e3099ff59e8
SHA256

66dd55474c6cfd1daeaa22269a5675925532245e388ac3f781c54d2f79be8bb0
SHA512

9332a5e8131b4acfe63bfd863df82b16385dc79b3858aa394b6cf8e7f33b7b8708dadd9fcadb39b13fe3a8db31fb3d2c9e3b1b37edddc62e624b83bde741a15a
SSDEEP

24576:6zCqx5Pf8ADUuxo6JzIWvU3TFoGohUaHBTUuxo64:qhphUuG6Jz5vU32uaHBTUuG64

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1272	27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1272	27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
616	27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/616-0-0x0000000000400000-0x00000000004E0000-memory.dmp	upx
behavioral1/files/0x000b000000012286-11.dat	upx
behavioral1/memory/1272-18-0x0000000000400000-0x00000000004E0000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
616	27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
616	27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe
1272	27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 1272	616	27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe	29
PID 616 wrote to memory of 1272	616	27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe	29
PID 616 wrote to memory of 1272	616	27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe	29
PID 616 wrote to memory of 1272	616	27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe	29

\Users\Admin\AppData\Local\Temp\27d0dd27c89a60316e432f3011cf9df9_JaffaCakes118.exe

Filesize
1.4MB

MD5
cea6487d45e929c6683e26dbb65e03fe

SHA1
ae97a7a879a8fc6de72eb239774e9145c677c602

SHA256
5703740f2f03585fee884a60eff7540b340c2328b3f55ba608afd0d021f0a595

SHA512
6ecacbcceb2b2c4aa14617ac338606888ad2ab42b190687321a281bdb1c99d0a0bcc183729338fc7d4cc25ea6b29a3f24c615a8df9e877a1ebc0d675b9905fdd

Download Submit
memory/616-0-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/616-1-0x00000000001F0000-0x0000000000221000-memory.dmp

Filesize
196KB

Download
memory/616-2-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/616-16-0x0000000023010000-0x00000000230F0000-memory.dmp

Filesize
896KB

Download
memory/616-15-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1272-18-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1272-19-0x0000000000160000-0x0000000000191000-memory.dmp

Filesize
196KB

Download
memory/1272-26-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1272-27-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download