821ed9cc66075dc4eef18042c533cef623ae3899129660457e5b11de31679827

Analysis

max time kernel
143s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 09:36

Target

342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe
Size

56KB
MD5

342d47ba4069cffd8e790518bb4cf724
SHA1

5e0f4921fd3557bd2e37e2e77beaf77c813aaaad
SHA256

821ed9cc66075dc4eef18042c533cef623ae3899129660457e5b11de31679827
SHA512

58a03b97b0e68f448129e0ec6334cc4617230248e86eeeccbb9ce95539547e5f588a21ac767ef6307ba77586927b6f43a3a1295d150d098fb1cf73e842c5b552
SSDEEP

768:L4QhOF2PBEPRTIelvWYqAartcIgPkhFd5AUGkoxCVgH4kMc4hZK5iCLMvNxvimtY:kcclkruIlF/GkC/zM3c5ZLMX1SKNyx

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4788	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4788	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4892-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a00000002347c-11.dat	upx
behavioral2/memory/4788-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4892	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4892	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe
4788	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 4788	4892	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe	85
PID 4892 wrote to memory of 4788	4892	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe	85
PID 4892 wrote to memory of 4788	4892	342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\342d47ba4069cffd8e790518bb4cf724_JaffaCakes118.exe

Filesize
56KB

MD5
5906238c8d84484d231aabd09db73fa9

SHA1
4b8702d6d0b6fd3e44f90912cccd5f4a625fc047

SHA256
751e318036275c169defe294f07ab98a95e502ed48fcd547eff797500be70991

SHA512
d1be86a61cd1b165d50c2d76fe091bd0994e80b2333bbcb86a388216b8999b042ac81003a477d4b7f3c9cac8c19b69d098f5a8328a59b6b77875b3f325cc6815

Download Submit
memory/4788-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4788-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4788-19-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/4788-21-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4788-25-0x00000000001D0000-0x00000000001EB000-memory.dmp

Filesize
108KB

Download
memory/4788-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4892-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4892-1-0x00000000001B0000-0x00000000001BE000-memory.dmp

Filesize
56KB

Download
memory/4892-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4892-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download