9faebf37d9bc157333fb458bd96ed7edf20768fa0a8701d41756a92d1f0e5fc4

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
Size

155KB
MD5

72cff0cc0cdbed2ca3b43e4f0b395391
SHA1

d1d9ead45f074e270fd73a301cbf43b387d4474b
SHA256

9faebf37d9bc157333fb458bd96ed7edf20768fa0a8701d41756a92d1f0e5fc4
SHA512

d774e0623d8255d31dea3e04e0aa758c12aca0c233f033d4bcbfe5b605bb83f491080e1786da7c1b0681ca8bee0c56790707a1377a1258c75f293485f99aae57
SSDEEP

1536:w0TlRnD2O8MiF2t/t10yekAO0/V67bZcu/5KTSzCEeT8XD9cRcKajhpswxg/tBVT:zlRnDCMdb5tAOmdT0CEeTPAuj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2420-5-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\h2SknLu2	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\LBaWy4	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\3RKOBDmVfR	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\2eR5l4hdq5	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\xTbMqY	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\xh6uIG	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\M1hYuBT3	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\pXT2I	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\CurboAcjW	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\U8tvys	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\M7WyP	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\Hkd5Uani	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\Ck3U2S	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\3O5rD	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\lyR8Q	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\YXcxBUc	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\6oNPp	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\3rEMqwln	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\5uhJBRCpr	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\dfRBer5rM	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\gK5DRA	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\NKP256Aw	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\Cgp8g	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\aNyyQ	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\yg7RkwNaX5	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\LqdImOr	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\QhtpYXjhL	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\EOfMmTG8qg	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\yGQLB	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\sFSR3OHmKx	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\xpox7uH	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\qJBbLHA3	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\UMBLCygPHd	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\c6AoRxyXra	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\wbp1iRIoq	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\SK661liE	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\ICkLPPEU	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\J6Kupc	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\k6sjApWo	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\NLMu8B	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\CfYPBStQ	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\P3A8WdpgNY	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\gLss87MA	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\h5Goo	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\A11kvBuy	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\t3VLmH6e2	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\84j5iEhTSO	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\PxoQCwuU	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\V7cp2	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\vJ774LwaJ	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\P7WCgBW	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\eqq51YwKXD	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\rQfFOR	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\58s6dXS8C	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\XypNX33	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\cbmQXxI7	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\sOBqEsOd	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\PokyMSdtJ	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\bgxYTFCL	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\gm7jSHxV7Y	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\QskGgElj	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\8Shq18voQ	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\3KB7Xq	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\YAMec7fEx	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2420	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2420	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
2420	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2420	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious behavior: RenamesItself
PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2420-5-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2420-103-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2420-104-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2420-106-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2420-105-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2420-107-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download