7045cbf87c37cb793e2fd853b921a2395a9474cbeabd481d489898618e940a55

Analysis

max time kernel
139s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 08:26

Target

5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe
Size

333KB
MD5

5fbfa1ebb7b53dac4eb5ab23439221e5
SHA1

512f6445d56daaf02f4692c39cfc131ad2c948c2
SHA256

7045cbf87c37cb793e2fd853b921a2395a9474cbeabd481d489898618e940a55
SHA512

9c4630c505d0a10f6e40180cb0019c2e39febe93a41053c2d96f9769e8d8f6cc6b3a69eb8a50216fd05f3fbdb3615fdfe5460b24c5eccb3e7d34b1e12256d2bd
SSDEEP

3072:EfP4FGzopTIjywszepfklcg5AwZ8oBlQIO9cBSB:EfP7GdzeVkjAgJkZAQ

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3700-0-0x0000000000400000-0x0000000000446000-memory.dmp	upx
behavioral2/memory/3700-7-0x0000000000400000-0x0000000000446000-memory.dmp	upx

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3700 set thread context of 3964	3700	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	85
PID 3964 set thread context of 4448	3964	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	86

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3700	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe
3964	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 3964	3700	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	85
PID 3700 wrote to memory of 3964	3700	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	85
PID 3700 wrote to memory of 3964	3700	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	85
PID 3700 wrote to memory of 3964	3700	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	85
PID 3700 wrote to memory of 3964	3700	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	85
PID 3700 wrote to memory of 3964	3700	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	85
PID 3700 wrote to memory of 3964	3700	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	85
PID 3700 wrote to memory of 3964	3700	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	85
PID 3964 wrote to memory of 4448	3964	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	86
PID 3964 wrote to memory of 4448	3964	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	86
PID 3964 wrote to memory of 4448	3964	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	86
PID 3964 wrote to memory of 4448	3964	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	86
PID 3964 wrote to memory of 4448	3964	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	86
PID 3964 wrote to memory of 4448	3964	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	86
PID 3964 wrote to memory of 4448	3964	5fbfa1ebb7b53dac4eb5ab23439221e5_JaffaCakes118.exe	86

memory/3700-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3700-7-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3964-3-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3964-5-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3964-14-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4448-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4448-12-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4448-13-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4448-16-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4448-17-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download