29dbf494bd4b33e84f9be5f90b7c55abdc50573b6492bc0e2a552f54b31d8f0d

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
Size

622KB
MD5

2e0600c42c5c88fbcf91204480f050e9
SHA1

41ca5db58ebbed87fca19888473a5d2d4d9ff52e
SHA256

29dbf494bd4b33e84f9be5f90b7c55abdc50573b6492bc0e2a552f54b31d8f0d
SHA512

14676f77cceb9b187e4418c5c99b14d77540c0c41826266513a0b8d9ae1ea4d8c1e20e4c727a4032cc5e4791ca38b751bd4f58802be1f80a2086281741f804a9
SSDEEP

12288:baqRmEUXAxE+8z7IVmAD07yXRL5ajr6iPblBw5tBW9NcdKt63kldUyTvrmSZDBiq:bHYAvD07e9ijlBMOcAt63kldHqpvRij1

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3092	Setup.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000b000000023379-7.dat	upx
behavioral2/memory/3092-9-0x0000000000400000-0x00000000004FD000-memory.dmp	upx
behavioral2/memory/3092-14-0x0000000000400000-0x00000000004FD000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3092	2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe	85
PID 2256 wrote to memory of 3092	2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe	85
PID 2256 wrote to memory of 3092	2256	2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\SETUP_35164\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\SETUP_35164\Setup.exe
  2⤵
  - Executes dropped EXE
  PID:3092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SETUP_35164\Modern_Setup.bmp

Filesize
149KB

MD5
ded1d8db477cc655b17e16c6fe989707

SHA1
e48613ed98876b022460f629971c941ad3100f78

SHA256
7a5d14d64ef24cdf895f947700f6e8444940c3cf5b23e868f2b3a14f0fe14206

SHA512
3efc3d0d2bce3f5b2c9d74d1e5dee275e6bc8098e4e805ad67c57e3567c888fcd5865cee517f52419a8dd587383d51c385647873fbd025a0781e4371dba60be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_35164\Setup.exe

Filesize
314KB

MD5
49be6ba08582347dac2094c2abb42fc5

SHA1
df12871e6e34539d437664515f0238feaf98af4f

SHA256
eea62bd98348ffd0fb275a9b18e87c221c224aafb52c117f2c5330f38c7ec6a9

SHA512
f44724ba4763791e1320f87d2773a96353f1a5022476ea1989184ebd16fc2c132ca43fbf0619600806737b8ac4cfae5b80c363464d6da8310b1aa1c8afa83b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_35164\Setup.txt

Filesize
2KB

MD5
ce51adcc11949a21d3ff467e564fbd57

SHA1
26736d7bc7d46851a46e94a6aa62d95aec38b5b7

SHA256
1533f1fc8c4c1a6d351d675dc4d67b22416f1ecbcd861bb75428121808c6f1f0

SHA512
a31f8fa2e8dde0b65ccf9077f6896187e73088a8adb895df08ba9c08da07aade65ac9715180b3a187c799f791b7b859fa1521b541196bb715ada38180b863ab1

Download Submit
memory/2256-13-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3092-9-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/3092-10-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/3092-14-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/3092-17-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download