70e232b76649e3201c9daea74655901ee1804ce068fd7cba24fa3da8b6b1d1d7

Analysis

max time kernel
32s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 07:11

Target

2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe
Size

133KB
MD5

2f6c7d83de6b251d61361490d8b6c53e
SHA1

a550e37e91163a2eca8e1bc75d508f60bcef616b
SHA256

70e232b76649e3201c9daea74655901ee1804ce068fd7cba24fa3da8b6b1d1d7
SHA512

3c482e38529238196675bde9bd49007ca1bab687877519578773a11f65432200739a91f97f0de1e9beaaa8739f5755050622427305f9a05325186d608567082c
SSDEEP

3072:YxRXQHTVZ3kWxCYInCHYY1EM9bQyQAw+0cHGVv5A8sVIfYiQ:Y8HH0qh1lO+0cYEVItQ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2852	2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2852	2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
1328	2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1328-0-0x0000000000400000-0x0000000000486000-memory.dmp	upx
behavioral1/files/0x0009000000012119-10.dat	upx
behavioral1/memory/1328-15-0x0000000000360000-0x00000000003E6000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1328	2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1328	2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe
2852	2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 2852	1328	2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe	31
PID 1328 wrote to memory of 2852	1328	2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe	31
PID 1328 wrote to memory of 2852	1328	2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe	31
PID 1328 wrote to memory of 2852	1328	2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\2f6c7d83de6b251d61361490d8b6c53e_JaffaCakes118.exe

Filesize
133KB

MD5
6631ea066e07e7b2023e65b1d218c2c7

SHA1
d7a4dc71c11c8449c03d4913d892d5f9f2f5d029

SHA256
be9889ef01622400dc0b8fa159e5168d57c160322cea2aad01c01a4df1472c45

SHA512
19c90deeea0e2688689c78177368955c6cf89d327e2a99d7c50f1b3c6df5fa8043e02c297cc46b75658f902102c660a131fe5344396c505ca30d02054a6ed709

Download Submit
memory/1328-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1328-9-0x00000000002F0000-0x0000000000311000-memory.dmp

Filesize
132KB

Download
memory/1328-15-0x0000000000360000-0x00000000003E6000-memory.dmp

Filesize
536KB

Download
memory/1328-14-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1328-1-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1328-40-0x0000000000360000-0x00000000003E6000-memory.dmp

Filesize
536KB

Download
memory/2852-23-0x0000000000150000-0x0000000000171000-memory.dmp

Filesize
132KB

Download
memory/2852-41-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download