Overview

overview

7

Static

static

7

47264e4166...18.exe

windows7-x64

7

47264e4166...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14-07-2024 22:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47264e4166abd279eaafb895663b4d69_JaffaCakes118.exe

  • Size

    73KB

  • MD5

    47264e4166abd279eaafb895663b4d69

  • SHA1

    424885bdb3b3d1716cd6c89e6c7f2f2e27a28d03

  • SHA256

    f4e2b0088afc7f1f340d2235ff662acbd246736c135eadc18015899f89bd6e14

  • SHA512

    11b4fd96b31ab026aff9b5540ea596b43825d76141aa18667fd1174c5d38160173fb81af9dbb3b9f2b8c92feb5fbaa1fc9dfd07627da970bad22c0b1cd0213fe

  • SSDEEP

    1536:PsqW3CgBWgZrwHRbQs6tLOtx2uTej1IjExjTQcq0Faof4LgK:dW3rBWgZ0GNL02uTeZzxY0aCEx

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47264e4166abd279eaafb895663b4d69_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\47264e4166abd279eaafb895663b4d69_JaffaCakes118.exe"
    1⤵
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:1328

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1328-3-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1328-4-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1328-7-0x00000000006C0000-0x00000000006C8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1328-6-0x00000000006C2000-0x00000000006C3000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2168-0-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2168-1-0x0000000000220000-0x0000000000222000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2168-5-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download