de32b123ab997f15c9f16d3b0ea2b5c1c24c7ef9f1f117e1006293214830e9ff

Analysis

max time kernel
143s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 12:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe
Size

183KB
MD5

34a95f6cd7b953e764ee63826cc9963a
SHA1

4b6cd65e6b7d71a113e300da6860b9e243ef8ea1
SHA256

de32b123ab997f15c9f16d3b0ea2b5c1c24c7ef9f1f117e1006293214830e9ff
SHA512

828a542c6d34dd5d545fdd5f2930afb8e056a1719fd77d78d3fd7a683f94acad299a5340cb42be187d20d6bca7185b62d5a1f3d0bee26c7023ee205a4a1437df
SSDEEP

3072:mbnZZ7muTdYwPD3Q4Br7GYt4El+3pyStGEgspA5la1OwifYpLibjwFM3LwVPfEy:QZZiuTdhL35r7VkpJGEgsajclobjAIL1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3200-1-0x0000000000400000-0x0000000000451000-memory.dmp	upx
behavioral2/memory/3200-2-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral2/memory/4644-11-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral2/memory/4644-12-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral2/memory/4644-14-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral2/memory/3200-15-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral2/memory/3276-82-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral2/memory/3200-83-0x0000000000400000-0x0000000000451000-memory.dmp	upx
behavioral2/memory/3200-182-0x0000000000400000-0x0000000000454000-memory.dmp	upx

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 4644	3200	34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe	84
PID 3200 wrote to memory of 4644	3200	34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe	84
PID 3200 wrote to memory of 4644	3200	34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe	84
PID 3200 wrote to memory of 3276	3200	34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe	91
PID 3200 wrote to memory of 3276	3200	34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe	91
PID 3200 wrote to memory of 3276	3200	34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Users\Admin\AppData\Local\Temp\34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe startC:\Program Files (x86)\LP\5332\19C.exe%C:\Program Files (x86)\LP\5332
  2⤵
  PID:4644
- C:\Users\Admin\AppData\Local\Temp\34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\34a95f6cd7b953e764ee63826cc9963a_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\250A7\7DE53.exe%C:\Users\Admin\AppData\Roaming\250A7
  2⤵
  PID:3276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\250A7\7A7C.50A

Filesize
1KB

MD5
0d01b0249aba559d35c204b6008c5dac

SHA1
3163c7284569e7d258673960b36fa173e1a1475b

SHA256
19b5017ff0387bbe9ccff2cd873476a84944d6bc9d809c5e2b2b9319bd8696ad

SHA512
f0aa0c005b8340e578d3809994b1b9a996dc32f25109543271a811fccb70c4cde6e585a2272b87be42a3ceec499ba267d904ecaabab7e076d300679f5e714864

Download Submit
C:\Users\Admin\AppData\Roaming\250A7\7A7C.50A

Filesize
600B

MD5
7e289aa42796198fee4d84e4f793a55e

SHA1
7b39c9adc6a91ad09e7512ec796e2fd157f6d180

SHA256
2fb507639292ed97fc4bd5fe6269f37b17d9811d31979a87867ad4428caaaac1

SHA512
cde49de12abbae7191a90feea8b1b7fc2cba1f408fb4ff3c2e1a0af5e78e3446f5becae6c899ae78634fa2b190545d17b1af9d5f6c28a525295f618cee1f57a2

Download Submit
C:\Users\Admin\AppData\Roaming\250A7\7A7C.50A

Filesize
996B

MD5
86c0c33768beec8f1de7277790ef1889

SHA1
8c9d2e8ae5987780e0533e85967aaa362a3fb2f8

SHA256
62d0db03c8d81b598288a508b6f6c69799e7afc760bf0115854af73c341cc265

SHA512
cab009d08dc8f69e8852a33d1a545e0d7c3515eeaea1c1632bc35280c6a96473de73fd6ec19b53cc04407e2c8fc172c2a22638b6133785f3781a22a98ca8254b

Download Submit
memory/3200-83-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/3200-15-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3200-1-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/3200-2-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3200-182-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3276-81-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3276-82-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4644-14-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4644-12-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4644-11-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads