825279b4ee01cb696222882013f632b6aa635167733b34987e68b82906c02dca

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 06:33

Target

409016c0af19c53d12728d32bf6e8aeb_JaffaCakes118.exe
Size

314KB
MD5

409016c0af19c53d12728d32bf6e8aeb
SHA1

f374800463d79f4d1e8f2f452c73f8215d59d057
SHA256

825279b4ee01cb696222882013f632b6aa635167733b34987e68b82906c02dca
SHA512

6b1305cb17d5295fa81c94ee66cac6fa57e2337e0f97a8a3bf2a7eab4f00fb82fc326c7f6194954a3bf96fa35887ea97fbcf0d5184faaeb91f005192f4c68aa8
SSDEEP

6144:rgODPGMlZ5+BGQCIKqbBuu7be7EmMPViQO8ksBMOVKxB6aEw3o6:dPJb5QGOZb0J7EHViChMOm6aP

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1652-0-0x0000000000400000-0x00000000004EC000-memory.dmp	upx
behavioral1/memory/1652-59-0x0000000000400000-0x00000000004EC000-memory.dmp	upx
behavioral1/memory/1652-739444-0x0000000000400000-0x00000000004EC000-memory.dmp	upx
behavioral1/memory/1652-362194-0x0000000000090000-0x0000000000190000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

Processes:

409016c0af19c53d12728d32bf6e8aeb_JaffaCakes118.exe

description pid process

PID 1652 set thread context of 0 1652 409016c0af19c53d12728d32bf6e8aeb_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

409016c0af19c53d12728d32bf6e8aeb_JaffaCakes118.exe

pid process

1652 409016c0af19c53d12728d32bf6e8aeb_JaffaCakes118.exe

description	pid	process
PID 1652 set thread context of 0	1652	409016c0af19c53d12728d32bf6e8aeb_JaffaCakes118.exe

pid	process
1652	409016c0af19c53d12728d32bf6e8aeb_JaffaCakes118.exe

memory/1652-0-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/1652-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1652-27-0x00000000006A0000-0x00000000007A0000-memory.dmp

Filesize
1024KB

Download
memory/1652-59-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/1652-739444-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/1652-363049-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/1652-363048-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/1652-363047-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/1652-363046-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/1652-363045-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/1652-363044-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/1652-363043-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/1652-363042-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/1652-362194-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/1652-362193-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download