a632f846cba89e1967941cd3deddc57d9d759715507d286a763f2d1a7bc64f7f

Analysis

max time kernel
139s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
Size

133KB
MD5

5c164e5ec0d1383dd957759bbe28bb96
SHA1

ecebafd0366ab9acb7d0edbd0dee10f90ece3c95
SHA256

a632f846cba89e1967941cd3deddc57d9d759715507d286a763f2d1a7bc64f7f
SHA512

8ce5fbe0501f857e14b035a6c1eb30fb81f63187719dca0c47ef593596f0ab5ffce6d5cac0b63de080ad7fbde7b44e08064c1f25a9a34c1ed71c96306061dd61
SSDEEP

1536:leNFrlTvbbVladlSgUG2+f2WTt9fpOQLgPui6M0vtKQOLw/2Nj:2RnYlVV2+f2IjpgmiRcAQzU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/644-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/644-75-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\sGVbix	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\mYDaRfcd	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\NxQK1	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\dWmqNQboc	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\dTU6n3qcO	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\mrq5K4P	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\TOx3x5Y	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\7TtKhaDt2e	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\Y4uGYpB	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\GJX5lU7	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\tNbbFn	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\lnE1ok7SVo	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\tfHvVM	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\1Vi1Y22E	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\XJ5lf4C	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\DGweBm	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\GcCSso	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\Hvo7kUU	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\2Qvsv	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\T8X7Pr8	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\a1PWcH	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\8nngEoL	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\qRgYu374	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\VQJPHi	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\3tvJyeq	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\8xuuEFl	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\sXQAwehfl	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\8UHe2P	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\nJtf64j	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\ABrHyOQF	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\WtQPnivy6	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\aPGWPE	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\OmW4hGUmrl	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\VQjKpNoC	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\5hJOk1N	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\wkxxch3S	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\r7WdPkmtN	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\eVOOvF	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\pA8P1O	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\RCLHfsoVKo	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\hwvfAj	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\pyxFWS2S	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\eDFchX7Gu	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\1cUWTTc4e	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\VfboROYGFY	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\5pmmsMdNFo	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\hkwRCVmf3P	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\bMgNPtp6	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\Mv8FNpV2hK	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\csaYl7Vra4	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\SnAF2h	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\SL4Gxd	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\GDfBH3qm	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\k1atV	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\74eKv	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\uhbYm	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\Sg8JQhcb	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\oHjigD3tfi	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\FtuUKI7tLO	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\dVgu63	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\7msMUWiACu	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\gUu2n5	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\bnGVMejdQS	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
File opened for modification	C:\Windows\1fQKO	5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5052	644	WerFault.exe	83

C:\Users\Admin\AppData\Local\Temp\5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5c164e5ec0d1383dd957759bbe28bb96_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 232
  2⤵
  - Program crash
  PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 644 -ip 644
1⤵
PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/644-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/644-74-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/644-75-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads