ccc6029956de339c0da61913c2816cecbd876275fabdbcc9a20c57d72e645a1f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 09:14

Target

492768c6c2a2d81d408c4a2d4cac0673_JaffaCakes118.exe
Size

21KB
MD5

492768c6c2a2d81d408c4a2d4cac0673
SHA1

1d91c3a8200462b0f39011fc39ea875c1662f2ec
SHA256

ccc6029956de339c0da61913c2816cecbd876275fabdbcc9a20c57d72e645a1f
SHA512

9b022db5659f165feed5a5686e890ccdf2bd5c3804ce111023137fd1f46348f7cc4e35829b8c8c21264bb3b81f0f94dc2470d6106966061f62bef7ed1427c478
SSDEEP

192:MSxvoRkKihvYcmrnlnhQzCaes0mMglnKQechJHRC3:MqUlnhQNes0mMmnKQDbHRC3

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2372-0-0x0000000000400000-0x0000000000407000-memory.dmp	upx
behavioral1/memory/2372-1-0x0000000000400000-0x0000000000407000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2828	2372	492768c6c2a2d81d408c4a2d4cac0673_JaffaCakes118.exe	31
PID 2372 wrote to memory of 2828	2372	492768c6c2a2d81d408c4a2d4cac0673_JaffaCakes118.exe	31
PID 2372 wrote to memory of 2828	2372	492768c6c2a2d81d408c4a2d4cac0673_JaffaCakes118.exe	31
PID 2372 wrote to memory of 2828	2372	492768c6c2a2d81d408c4a2d4cac0673_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\492768c6c2a2d81d408c4a2d4cac0673_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\492768c6c2a2d81d408c4a2d4cac0673_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c PAUSE
  2⤵
  PID:2828

memory/2372-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2372-1-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download