2bbb413214ac10551b86aa68dfa84175a0f5323b2b903cc1ded168e4db008cc2

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 08:01

Target

3c9580c65766ab88c7c031c04bb4dbcf_JaffaCakes118.exe
Size

56KB
MD5

3c9580c65766ab88c7c031c04bb4dbcf
SHA1

df977afc5b63b75a0713bf0772b81ad9f9e673a7
SHA256

2bbb413214ac10551b86aa68dfa84175a0f5323b2b903cc1ded168e4db008cc2
SHA512

0e33fa08f04420f9983c51e18f56500ee6670c8183bea708d300a5bfd00564ba2a572fb92316c867509457aaf050bd462ed1f3761affd1480243baeaf3b03608
SSDEEP

1536:oW6XbxH8NmPeS5fDrrrUd7dWzNaAQEflkAvtgGA:oW6bxHUmPPDEdWZaVEC2gG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2388	3c9580c65766ab88c7c031c04bb4dbcf_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2388	3c9580c65766ab88c7c031c04bb4dbcf_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5084-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0009000000023428-11.dat	upx
behavioral2/memory/2388-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5084	3c9580c65766ab88c7c031c04bb4dbcf_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5084	3c9580c65766ab88c7c031c04bb4dbcf_JaffaCakes118.exe
2388	3c9580c65766ab88c7c031c04bb4dbcf_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 2388	5084	3c9580c65766ab88c7c031c04bb4dbcf_JaffaCakes118.exe	85
PID 5084 wrote to memory of 2388	5084	3c9580c65766ab88c7c031c04bb4dbcf_JaffaCakes118.exe	85
PID 5084 wrote to memory of 2388	5084	3c9580c65766ab88c7c031c04bb4dbcf_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\3c9580c65766ab88c7c031c04bb4dbcf_JaffaCakes118.exe

Filesize
56KB

MD5
e1a08a37379b0a96f696d7eff8294bd5

SHA1
437dab793dc6c5ac6645d82e85a723fe17395bdb

SHA256
5e538c200d919a799ff16b1bb0d7922f3105722a0a4a796bd55d69b39b50bda4

SHA512
e7cedd49d0abfcca3a1bc19d0ff237fb4b0bf77d27b122881cee442c6a0000c83cfcf921d569d053eb149cf21c38052508e792b654e3e354013a179848f101ac

Download Submit
memory/2388-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2388-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2388-19-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/2388-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2388-25-0x00000000015B0000-0x00000000015CB000-memory.dmp

Filesize
108KB

Download
memory/2388-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5084-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5084-1-0x00000000000E0000-0x00000000000EE000-memory.dmp

Filesize
56KB

Download
memory/5084-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5084-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download