3b6be12f4acfcdfe554384809d387171670e48604fbb45b42e86ee6552c7d14e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 07:06

Target

5f7d239b044f75d37bbc30ac0eea03aa_JaffaCakes118.exe
Size

467KB
MD5

5f7d239b044f75d37bbc30ac0eea03aa
SHA1

cb191a409a4fea541ea8022be8e5fc7284c1433a
SHA256

3b6be12f4acfcdfe554384809d387171670e48604fbb45b42e86ee6552c7d14e
SHA512

3f5af07ac5bb9748e2160f938fecadeb136746183051fa51c27717cad7d0fac1bb76449647913ebab784c0ea2bde8c9a96dee4fb2d91aed7f295819c12a5e4d9
SSDEEP

6144:5Bgkb2togAU7W8DotkWWwTrXryB7FTrrz9VxLY7iAVLTBQJln:5hdg3i8ukWWAruRL9nLYWAVZQL

Score

8^/10

upx

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\svgtook.exe	5f7d239b044f75d37bbc30ac0eea03aa_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2004	svgtook.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1672-0-0x0000000000400000-0x0000000000D9D000-memory.dmp	upx
behavioral1/files/0x00090000000120fa-5.dat	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\keys.ini	5f7d239b044f75d37bbc30ac0eea03aa_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2284	2004	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2284	2004	svgtook.exe	31
PID 2004 wrote to memory of 2284	2004	svgtook.exe	31
PID 2004 wrote to memory of 2284	2004	svgtook.exe	31
PID 2004 wrote to memory of 2284	2004	svgtook.exe	31

C:\Windows\SysWOW64\drivers\svgtook.exe
C:\Windows\SysWOW64\drivers\svgtook.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 220
  2⤵
  - Program crash
  PID:2284

C:\Windows\SysWOW64\drivers\svgtook.exe

Filesize
467KB

MD5
5f7d239b044f75d37bbc30ac0eea03aa

SHA1
cb191a409a4fea541ea8022be8e5fc7284c1433a

SHA256
3b6be12f4acfcdfe554384809d387171670e48604fbb45b42e86ee6552c7d14e

SHA512
3f5af07ac5bb9748e2160f938fecadeb136746183051fa51c27717cad7d0fac1bb76449647913ebab784c0ea2bde8c9a96dee4fb2d91aed7f295819c12a5e4d9

Download Submit
memory/1672-0-0x0000000000400000-0x0000000000D9D000-memory.dmp

Filesize
9.6MB

Download
memory/1672-3-0x0000000000400000-0x0000000000D9D000-memory.dmp

Filesize
9.6MB

Download
memory/1672-14-0x0000000000400000-0x0000000000D9D000-memory.dmp

Filesize
9.6MB

Download
memory/2004-7-0x0000000000400000-0x0000000000D9D000-memory.dmp

Filesize
9.6MB

Download
memory/2004-6-0x0000000000400000-0x0000000000D9D000-memory.dmp

Filesize
9.6MB

Download
memory/2004-9-0x0000000000400000-0x0000000000D9D000-memory.dmp

Filesize
9.6MB

Download