deecbd30492fbcb6c5c48c2fef3deb21ec86f483c6a196af454a007f0fab5740

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 01:09

Target

2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe
Size

109KB
MD5

2a7307f38b156f09dcc835e421de9550
SHA1

613f3fe329dc22626599d1926aff8273091c8c74
SHA256

deecbd30492fbcb6c5c48c2fef3deb21ec86f483c6a196af454a007f0fab5740
SHA512

ff4fd3eccdbe4d77dee3eb6e2fcddb1a8ed28b0353b733ff8f0b1b914ecc892472951e34663211cba428ea543318107287c5a3f5d0963e95cad204779c3cd02e
SSDEEP

3072:no2YLdVjRx/bKmMyapopKUzf2QppKUzf2Q/x:jyVVx/vMyapoU02CU02c

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
2292	6.exe

Loads dropped DLL 2 IoCs

pid	Process
2300	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe
2300	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2300-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2300-16-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\addins\__tmp_rar_sfx_access_check_259432704	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe
File created	C:\Windows\addins\SERVER& MesHoOo.exe	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe
File opened for modification	C:\Windows\addins\SERVER& MesHoOo.exe	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe
File created	C:\Windows\addins\6.exe	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe
File opened for modification	C:\Windows\addins\6.exe	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2292	6.exe
2292	6.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2292	2300	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe	30
PID 2300 wrote to memory of 2292	2300	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe	30
PID 2300 wrote to memory of 2292	2300	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe	30
PID 2300 wrote to memory of 2292	2300	2a7307f38b156f09dcc835e421de9550_JaffaCakes118.exe	30
PID 2292 wrote to memory of 1196	2292	6.exe	21
PID 2292 wrote to memory of 1196	2292	6.exe	21
PID 2292 wrote to memory of 1196	2292	6.exe	21
PID 2292 wrote to memory of 1196	2292	6.exe	21

C:\Windows\addins\6.exe

Filesize
29KB

MD5
2f4d7f8aaf1159c1ac9aeecc29efc16b

SHA1
953e8ca8d7dac80993b11c020b013f336bc24812

SHA256
b6cfc148d216abce314cdf921d107f7a06df567bf170a0d49f7b341549f7ab8a

SHA512
3803a81bb0303ba55e718da159eab3ae29e5c6b26e873d9e8e36beb71dcfbd15f2b49b71414fda949efe82773644b8703140a2a808a13dd1e1328bdf7b124405

Download Submit
memory/1196-18-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1196-22-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/2292-21-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2292-31-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2300-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-13-0x0000000001DB0000-0x0000000001DB9000-memory.dmp

Filesize
36KB

Download
memory/2300-16-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-8-0x0000000001DB0000-0x0000000001DB9000-memory.dmp

Filesize
36KB

Download