a73bf74ad6e1064bae65676feb50da619953869804c578fad45e468efe44e1a8

Analysis

max time kernel
93s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 09:49

Target

281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
Size

32KB
MD5

281c2e683cd34ffe27a3f4158cc694b2
SHA1

03c613451d420bb0d47263a0d2d37fdd85dbebf8
SHA256

a73bf74ad6e1064bae65676feb50da619953869804c578fad45e468efe44e1a8
SHA512

4d4f1faed153c2a609e93ce08524392743dc251342c6fc0ddeabaee94becde11716815750d9acd3948b82ce61df67f918681b3698102f8c27f4c5923ce9b2956
SSDEEP

384:qWRG4HJzhJORMQ+rqENsNv3jgP/hHIqpDkiuiXte8Fb1/6qsv4AnCjNe9XaktPTD:M4HJzSKBqoYPS/fpVuiXk8F3kwCa0nPH

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1668-0-0x0000000000010000-0x0000000000029000-memory.dmp	upx
behavioral2/memory/1668-2-0x0000000000010000-0x0000000000029000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Passepartout.exe	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2420	1668	WerFault.exe	81

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1668	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
1668	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
1668	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
1668	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
1668	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
1668	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
1668	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
1668	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
1668	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
1668	281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 6 IoCs

C:\Users\Admin\AppData\Local\Temp\281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\281c2e683cd34ffe27a3f4158cc694b2_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:1668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 824
  2⤵
  - Program crash
  PID:2420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1668 -ip 1668
1⤵
PID:2768

memory/1668-0-0x0000000000010000-0x0000000000029000-memory.dmp

Filesize
100KB

Download
memory/1668-2-0x0000000000010000-0x0000000000029000-memory.dmp

Filesize
100KB

Download