bbc8f28b73630dbb3dabb642acd2ec66e70dd83b15efbde395ad1ec78c574e5c

Analysis

max time kernel
99s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 18:24

Target

3a4277164cbd1a57b270c2968b6ef9d6_JaffaCakes118.exe
Size

65KB
MD5

3a4277164cbd1a57b270c2968b6ef9d6
SHA1

338247f82e2c64eebcc471f15b17a7bf8bc0ce15
SHA256

bbc8f28b73630dbb3dabb642acd2ec66e70dd83b15efbde395ad1ec78c574e5c
SHA512

9e94db1193919c26526518cce446b35a63ada4a1a7575e01b46c576146a1f5f9229dd656204744eeb2cd1638c5102c86be5528caac64612714a6313672341702
SSDEEP

1536:hKZ4GQtQqHACGR0zkZb+2fCrv5qaALKn9qPBEU:MXQpg7RUkZb+uCrv3IR

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1888-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1888-1-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1888	3a4277164cbd1a57b270c2968b6ef9d6_JaffaCakes118.exe
1888	3a4277164cbd1a57b270c2968b6ef9d6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3a4277164cbd1a57b270c2968b6ef9d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3a4277164cbd1a57b270c2968b6ef9d6_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1888

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1888-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1888-1-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download