9f56588a14c7a64e217eabe9d37234b1b4aa8361a8aa8fe44d81ca7a2cd3e9a0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 21:20

Target

3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe
Size

88KB
MD5

3204b70b46229beea300c5a990d8e49f
SHA1

9c88a852b64aa5c07b2773a312b15ea6addb3f79
SHA256

9f56588a14c7a64e217eabe9d37234b1b4aa8361a8aa8fe44d81ca7a2cd3e9a0
SHA512

b0b823a373ddb54d77b9850945c9582f6574f81f61e88ade9ddc81f766369c3b0ceca13ce5050b42b4bcf73105841dc7a03da68b0db6d1d45d4f43f92f9a5e22
SSDEEP

1536:/Gy/XqiufYkNWP4c+GZWpAmNbZEs1bwHOb4nm3pT2aadFFWc8aOb4nm3pT2aad0:7SOP7wbZE0wHW64NaWh

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
2144	fuck__Duba.com

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0007000000012115-7.dat	upx
behavioral1/memory/2144-10-0x0000000000400000-0x0000000000424000-memory.dmp	upx
behavioral1/memory/2144-21-0x0000000000400000-0x0000000000424000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\CCTV.exe	fuck__Duba.com
File opened for modification	C:\Windows\CCTV.exe	fuck__Duba.com

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1940	3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe
2144	fuck__Duba.com

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2144	1940	3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe	30
PID 1940 wrote to memory of 2144	1940	3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe	30
PID 1940 wrote to memory of 2144	1940	3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe	30
PID 1940 wrote to memory of 2144	1940	3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe	30
PID 2144 wrote to memory of 2404	2144	fuck__Duba.com	31
PID 2144 wrote to memory of 2404	2144	fuck__Duba.com	31
PID 2144 wrote to memory of 2404	2144	fuck__Duba.com	31
PID 2144 wrote to memory of 2404	2144	fuck__Duba.com	31

C:\Users\Admin\AppData\Local\Temp\fuck__Dubakill.bat

Filesize
82B

MD5
a5483cf5481b7805ee19c0256744924e

SHA1
d5535a4c8030ffbd7f60116e585ef6b2a9d84072

SHA256
421ec1396e428830f4f939c9020f1cd8cd8ea8544198e5c444c27330fbdc4fec

SHA512
6124c7152e7a1e679b0c693bc92db88da159d24f4d7412f06481f23bca96c73267ac482cb74bf2f94c52495744b16d769b7a8b1a470490b88615da63bbaf9b96

Download Submit
C:\fuck__Duba.com

Filesize
64KB

MD5
70a3e8b9b59d6d9e3e189ce119bd2b28

SHA1
b554cfabb6f0e817af8ec1d1f75d778235384adb

SHA256
d79c518dabec18851c712a0ee0582368978d036852b03d82810291aabc350749

SHA512
27d3831e5e7ebecff5a021671da3288e8c5a62fb52b000dfded7bff58f7471aefefd7f697fe64a4cb5f02d2627ba483fba5fbb971d3df3c4ff071e9e620101a0

Download Submit
memory/1940-9-0x0000000000290000-0x00000000002B4000-memory.dmp

Filesize
144KB

Download
memory/1940-8-0x0000000000290000-0x00000000002B4000-memory.dmp

Filesize
144KB

Download
memory/2144-10-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2144-21-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download