9ad2ad08a70490a58eb05b25d8d6a4d8611bb06aea67fac39738c96f9edba9d1

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 13:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
Size

133KB
MD5

34d8256c1f59ce990c29b572a6813abd
SHA1

fdb4f590e38421fa3a88e44c8037c9dcac0c2ad0
SHA256

9ad2ad08a70490a58eb05b25d8d6a4d8611bb06aea67fac39738c96f9edba9d1
SHA512

d167788c7499f010925077f4ed99baa68e16d6d671c665970efbd3a2706a815c7b8060dcf4af011d1ca4934f3427316f378a95cf0657602c14eb0ecabd3ffb23
SSDEEP

1536:YeNFrlTvbbVladlSgUG2+f2WTt9fpOQLgPui6M0vtKQOLw/2Nj:ZRnYlVV2+f2IjpgmiRcAQzU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2968-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2968-75-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ABrHyOQF	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\tfHvVM	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\dWmqNQboc	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\T8X7Pr8	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\aPGWPE	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\5hJOk1N	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\Gniqh2	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\mrq5K4P	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\qRgYu374	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\bMgNPtp6	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\2Qvsv	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\W2CS2	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\eDFchX7Gu	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\eVOOvF	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\8nngEoL	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\pyxFWS2S	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\bnGVMejdQS	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\5pmmsMdNFo	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\hkwRCVmf3P	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\l2X358N	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\TOx3x5Y	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\OmW4hGUmrl	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\Sg8JQhcb	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\wkxxch3S	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\3tvJyeq	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\1Vi1Y22E	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\WtQPnivy6	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\dTU6n3qcO	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\GDfBH3qm	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\DGweBm	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\uhbYm	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\7msMUWiACu	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\sXQAwehfl	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\XJ5lf4C	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\7TtKhaDt2e	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\SnAF2h	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\gUu2n5	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\mYDaRfcd	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\NxQK1	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\sGVbix	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\pA8P1O	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\FtuUKI7tLO	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\r7WdPkmtN	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\a1PWcH	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\Hvo7kUU	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\VQJPHi	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\WXtYjgGvWB	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\GJX5lU7	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\Iul4M	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\VfboROYGFY	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\1euCH41Y2	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\74eKv	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\CVkCg6GGje	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\4IWYB	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\dVgu63	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\8xuuEFl	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\hwvfAj	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\VQjKpNoC	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\oHjigD3tfi	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\lnE1ok7SVo	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\Mv8FNpV2hK	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\csaYl7Vra4	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\RCLHfsoVKo	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
File opened for modification	C:\Windows\1fQKO	34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4572	2968	WerFault.exe	82

C:\Users\Admin\AppData\Local\Temp\34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\34d8256c1f59ce990c29b572a6813abd_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:2968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 220
  2⤵
  - Program crash
  PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2968 -ip 2968
1⤵
PID:4224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2968-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2968-74-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2968-75-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads