108116ebe972df28427cd9b35ae2e797a07a236f3044ffc14906d784f1c3e853

Analysis

max time kernel
142s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 18:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe
Size

185KB
MD5

3a56cc58e009d3e94094ede97b7a76b6
SHA1

38f1c63b3f4d2728d8dd3e5edba29a69a65e7e21
SHA256

108116ebe972df28427cd9b35ae2e797a07a236f3044ffc14906d784f1c3e853
SHA512

8d1b1454c860e4dd737e8fac05faee9d86f022f7e45f588a370bc9da5925a994694b18e5947dd0e04af0cb59f383f2620f9948ac5794673e0efe6e7cb86ceabd
SSDEEP

3072:fq8T/rfl5rhrnhjMcmxW0DuWyAm0irgWT4yt1yG+VCrAcKwwNntXAd/glLtvdET1:C87rl5rhrnOvhy3Tx1yDCrawyntXAZgI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/988-1-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral2/memory/988-2-0x0000000000400000-0x0000000000455000-memory.dmp	upx
behavioral2/memory/4928-11-0x0000000000400000-0x0000000000455000-memory.dmp	upx
behavioral2/memory/988-13-0x0000000000400000-0x0000000000455000-memory.dmp	upx
behavioral2/memory/4072-70-0x0000000000400000-0x0000000000455000-memory.dmp	upx
behavioral2/memory/4072-71-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral2/memory/988-140-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral2/memory/988-177-0x0000000000400000-0x0000000000455000-memory.dmp	upx

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 4928	988	3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe	86
PID 988 wrote to memory of 4928	988	3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe	86
PID 988 wrote to memory of 4928	988	3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe	86
PID 988 wrote to memory of 4072	988	3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe	87
PID 988 wrote to memory of 4072	988	3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe	87
PID 988 wrote to memory of 4072	988	3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:988
- C:\Users\Admin\AppData\Local\Temp\3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe startC:\Program Files (x86)\LP\F027\4FE.exe%C:\Program Files (x86)\LP\F027
  2⤵
  PID:4928
- C:\Users\Admin\AppData\Local\Temp\3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\3a56cc58e009d3e94094ede97b7a76b6_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\7FFAB\4E3F0.exe%C:\Users\Admin\AppData\Roaming\7FFAB
  2⤵
  PID:4072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\7FFAB\BDBB.FFA

Filesize
1KB

MD5
4b4508afb8ac108b7990f05b51aaa4cd

SHA1
7666aa912181e19e8a3308fbc95dcc6db4773ed3

SHA256
0fe347a9b67bbb97fce25d879a1cc2c1c26d364876af46396e093d9c30a4c2ae

SHA512
bd935152c6ed94448d9ef4d74bd78200d167cdbe0256614af435ed5c1115d3a0e53206e2df8940c1506ba6693b6e0410b700a5cc7e958c0f8c0ca69940263c80

Download Submit
C:\Users\Admin\AppData\Roaming\7FFAB\BDBB.FFA

Filesize
600B

MD5
ed517b076f6377a925dcf8cbd1191d28

SHA1
f6dddcf4a1e0b7edfab21d5b385fd10a0dc20edb

SHA256
c5110c0a123d24e4140b23286af53d03e5188c9b25d0c4ecf44a692b00abece3

SHA512
09f94a943fe605afe6ae48ff3248a13862c2a010b2dcd2b234f9a02a088624a20e40a76a0ffc61750a2289d469d052937fd7b49ccc8afa6daf77f17a6cc88086

Download Submit
C:\Users\Admin\AppData\Roaming\7FFAB\BDBB.FFA

Filesize
996B

MD5
3f31f52316725fc15a61983fae6efb0c

SHA1
5b2dfebf55a5fd87bdf6d2baa7bdeab5efd42435

SHA256
7000289051fe48346881a8b0dea3c2be638208b1d1587ed3a5e2f73af52c6706

SHA512
66e2289dc46bd5d0eef641b318caa022b6b15324604f0e9e3bea219a4815e2ea2ec72b4628a621888e3213c4ead477c06b260c4ea9d8447af289472e99085e38

Download Submit
memory/988-1-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/988-2-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/988-13-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/988-140-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/988-177-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/4072-70-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/4072-71-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/4928-11-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads