258a6cd6dda37e3e169f38de9c78ceef5e36e043045f455930aa81f30f8c660a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
Size

133KB
MD5

5bbc6d35005bd0824be9d541790f181a
SHA1

37f53c3f6f17bb3fd7d33984669be62306dc961c
SHA256

258a6cd6dda37e3e169f38de9c78ceef5e36e043045f455930aa81f30f8c660a
SHA512

43d0714b0d6f3782cde1bd1f90db21fee361ab65edab462a9350df6b7a71f79aeabca09b7d7697dcd567a4b3a6299d77457354ca0084a2ad6caca9bfbe135b15
SSDEEP

1536:xeNFrlTvbbVladlSgUG2+f2WTt9fpOQLgPui6M0vtKQOLw/2Nj:qRnYlVV2+f2IjpgmiRcAQzU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3144-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/3144-75-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\3tvJyeq	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\WtQPnivy6	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\dWmqNQboc	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\DGweBm	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\oHjigD3tfi	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\NxQK1	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\5hJOk1N	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\uhbYm	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\5pmmsMdNFo	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\pyxFWS2S	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\hkwRCVmf3P	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\bMgNPtp6	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\lnE1ok7SVo	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\RCLHfsoVKo	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\4IWYB	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\tfHvVM	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\Mv8FNpV2hK	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\8xuuEFl	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\SL4Gxd	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\sXQAwehfl	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\Y4uGYpB	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\a1PWcH	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\k1atV	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\Gniqh2	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\wkxxch3S	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\sGVbix	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\csaYl7Vra4	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\T8X7Pr8	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\GJX5lU7	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\aPGWPE	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\nJtf64j	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\VfboROYGFY	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\ABrHyOQF	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\8UHe2P	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\CVkCg6GGje	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\dVgu63	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\7msMUWiACu	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\eVOOvF	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\pA8P1O	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\hwvfAj	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\74eKv	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\TOx3x5Y	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\1cUWTTc4e	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\VQJPHi	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\Sg8JQhcb	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\GcCSso	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\GDfBH3qm	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\8nngEoL	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\qRgYu374	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\Iul4M	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\tNbbFn	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\1Vi1Y22E	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\bnGVMejdQS	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\eDFchX7Gu	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\WXtYjgGvWB	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\OmW4hGUmrl	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\FtuUKI7tLO	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\2Qvsv	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\W2CS2	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\SnAF2h	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\gUu2n5	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\oemKQGlTS	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\7TtKhaDt2e	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
File opened for modification	C:\Windows\r7WdPkmtN	5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2568	3144	WerFault.exe	83

C:\Users\Admin\AppData\Local\Temp\5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5bbc6d35005bd0824be9d541790f181a_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:3144
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 228
  2⤵
  - Program crash
  PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3144 -ip 3144
1⤵
PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3144-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3144-74-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/3144-75-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads