9faebf37d9bc157333fb458bd96ed7edf20768fa0a8701d41756a92d1f0e5fc4

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
Size

155KB
MD5

72cff0cc0cdbed2ca3b43e4f0b395391
SHA1

d1d9ead45f074e270fd73a301cbf43b387d4474b
SHA256

9faebf37d9bc157333fb458bd96ed7edf20768fa0a8701d41756a92d1f0e5fc4
SHA512

d774e0623d8255d31dea3e04e0aa758c12aca0c233f033d4bcbfe5b605bb83f491080e1786da7c1b0681ca8bee0c56790707a1377a1258c75f293485f99aae57
SSDEEP

1536:w0TlRnD2O8MiF2t/t10yekAO0/V67bZcu/5KTSzCEeT8XD9cRcKajhpswxg/tBVT:zlRnDCMdb5tAOmdT0CEeTPAuj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/812-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/812-104-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\MQ1CiG	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\xTbMqY	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\xqtIFgU5RK	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\PokyMSdtJ	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\85rajDP	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\2eR5l4hdq5	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\wbp1iRIoq	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\yg7RkwNaX5	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\h5Goo	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\iypBR	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\NLMu8B	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\wMmPT	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\fRWGEyWepm	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\rQfFOR	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\sFSR3OHmKx	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\5uhJBRCpr	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\U8tvys	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\lyR8Q	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\SP7N5QR	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\XuH2r	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\sOBqEsOd	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\aNyyQ	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\c6AoRxyXra	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\M7WyP	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\MBNGjia	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\dfRBer5rM	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\h2SknLu2	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\J6Kupc	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\Cgp8g	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\3O5rD	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\Ck3U2S	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\EeiFVwW4	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\bVpurUvYy	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\7oF5wJf	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\EOfMmTG8qg	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\oxoNdwg	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\qfciH	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\gm7jSHxV7Y	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\yGQLB	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\Hkd5Uani	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\oJRiiX7jR	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\ICkLPPEU	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\ACXqv	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\LgmtP	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\t3VLmH6e2	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\6oNPp	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\qJBbLHA3	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\vnT4wLLEs	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\LBaWy4	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\KGYFQp28	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\EWu8DdR	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\esdgQWBj	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\QhtpYXjhL	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\NKP256Aw	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\A11kvBuy	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\bgxYTFCL	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\1l7Xs7	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\M1hYuBT3	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\7d8DwOQ	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\oRVXoSH	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\k6sjApWo	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\P7WCgBW	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\cbmQXxI7	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
File opened for modification	C:\Windows\KBGD4jw	72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2788	812	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\72cff0cc0cdbed2ca3b43e4f0b395391_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:812
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 248
  2⤵
  - Program crash
  PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 812 -ip 812
1⤵
PID:3124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/812-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/812-103-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/812-104-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads