821ed9cc66075dc4eef18042c533cef623ae3899129660457e5b11de31679827

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 09:36

Target

342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe
Size

56KB
MD5

342d47ba4069cffd8e790518bb4cf724
SHA1

5e0f4921fd3557bd2e37e2e77beaf77c813aaaad
SHA256

821ed9cc66075dc4eef18042c533cef623ae3899129660457e5b11de31679827
SHA512

58a03b97b0e68f448129e0ec6334cc4617230248e86eeeccbb9ce95539547e5f588a21ac767ef6307ba77586927b6f43a3a1295d150d098fb1cf73e842c5b552
SSDEEP

768:L4QhOF2PBEPRTIelvWYqAartcIgPkhFd5AUGkoxCVgH4kMc4hZK5iCLMvNxvimtY:kcclkruIlF/GkC/zM3c5ZLMX1SKNyx

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2832	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2832	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
2912	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2912-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x00090000000120f1-10.dat	upx
behavioral1/memory/2912-12-0x0000000000170000-0x00000000001AA000-memory.dmp	upx
behavioral1/memory/2832-17-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2912	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2912	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe
2832	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2832	2912	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe	31
PID 2912 wrote to memory of 2832	2912	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe	31
PID 2912 wrote to memory of 2832	2912	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe	31
PID 2912 wrote to memory of 2832	2912	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe	31

\Users\Admin\AppData\Local\Temp\342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

Filesize
56KB

MD5
c81ab80a564a18b744ae0ce1a293bb3f

SHA1
72c157f62b155b2c637b1d80ae1d75ebf5314571

SHA256
436d0d2a8d498b9c40c274ed75ab05442d2adb4d8bd5c976a542fef1e2561ab0

SHA512
4d59d8e909f40b80430d16ee48d4fad17e1a693e7a8efbaf6aa9fed0b1412a839006a860101be32632ac785975110d0427d9c7aa31da15dc574a212c30676efd

Download Submit
memory/2832-17-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2832-18-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2832-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-28-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2832-29-0x0000000000170000-0x000000000018B000-memory.dmp

Filesize
108KB

Download
memory/2832-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2912-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2912-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2912-6-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2912-12-0x0000000000170000-0x00000000001AA000-memory.dmp

Filesize
232KB

Download
memory/2912-16-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download