0ea3c0aa204a8f0a12ae72610161b2b4cc24dfc0529bf357349efd2f4446995a

Analysis

max time kernel
93s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 02:26

Target

2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
Size

266KB
MD5

2eae0f59a0c8436672b01fac33ab0cf7
SHA1

56a9dcd5a1ee241697413a49760789ecea97e061
SHA256

0ea3c0aa204a8f0a12ae72610161b2b4cc24dfc0529bf357349efd2f4446995a
SHA512

1aecda66db8802e9bdb780c67cf8e0e1a4b55afa94140fab28ad7d8db2f2b8c4f3937108862acd9ca119c163d235e2e4d37a052b9d5a5fc747a77f2315180aec
SSDEEP

6144:DPT6+5GX5x0vHCw8r4ksloo4YHkAY3ZFSd7TaRGg6f70dQ:Dm+5GJxiCxnCYpFSERP6F

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2396	2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2396	2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3960-0-0x0000000000400000-0x0000000000486000-memory.dmp	upx
behavioral2/files/0x0006000000022f55-12.dat	upx
behavioral2/memory/2396-14-0x0000000000400000-0x0000000000486000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3960	2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3960	2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
2396	2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 2396	3960	2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe	84
PID 3960 wrote to memory of 2396	3960	2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe	84
PID 3960 wrote to memory of 2396	3960	2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe

Filesize
266KB

MD5
47f41986ad0ac2a8d6fd33131abc8be7

SHA1
cf071955f29991d0571432b9890354970c5136d9

SHA256
cc1e0e323e39677dacf33f1d452be1efc71717ff08edbcee00965317ea8e9583

SHA512
ba9bdcf23807965a0e7e928f0071675ab8cb73def8cf0d31bc9304895bb459e06248941a38c8ba26868d9acf115ba0a945e6697b496203c3a5dc05d1cedfa649

Download Submit
memory/2396-14-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2396-21-0x00000000001A0000-0x00000000001C1000-memory.dmp

Filesize
132KB

Download
memory/2396-15-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2396-30-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/3960-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/3960-1-0x0000000001490000-0x00000000014B1000-memory.dmp

Filesize
132KB

Download
memory/3960-2-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3960-13-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download