2efa70232740c252175882f6cd954bbfde6940aac0f103184e264e5442bbd9a1

Analysis

max time kernel
32s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 04:39

Target

48413cf6ce1214149e678d95d72fa0a3_JaffaCakes118.exe
Size

80KB
MD5

48413cf6ce1214149e678d95d72fa0a3
SHA1

711bfe43033484d82a5d80010264fe59b83006c6
SHA256

2efa70232740c252175882f6cd954bbfde6940aac0f103184e264e5442bbd9a1
SHA512

049cb77c384a9a53417be82a80d06c5d9164bf8adb862c9421609b18d06b459b0ab7386a4ea719751fd2d6a945bed03fb86c874f658df18187828612a3214246
SSDEEP

1536:Pn8blxkztiDcinuASTvypRbTEUaLusLl1EmDCSW4nKwf+aLzVP3Zi6KBl/sIfC4:PnajkBiAplKpRbTEUaLu+l1fDCknKEVc

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4660-0-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4660-1-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\ikdtl	48413cf6ce1214149e678d95d72fa0a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell	48413cf6ce1214149e678d95d72fa0a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	48413cf6ce1214149e678d95d72fa0a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	48413cf6ce1214149e678d95d72fa0a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\ikdtl\\command	48413cf6ce1214149e678d95d72fa0a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	48413cf6ce1214149e678d95d72fa0a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\ikdtl	48413cf6ce1214149e678d95d72fa0a3_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\48413cf6ce1214149e678d95d72fa0a3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\48413cf6ce1214149e678d95d72fa0a3_JaffaCakes118.exe"
1⤵
- Modifies registry class
PID:4660

memory/4660-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4660-1-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download