df42d999da3b66f2199f812fad8ad2c24f934bda36a195c58e8b2ae5dd5249dc

Analysis

max time kernel
132s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 10:54

Target

a2417101d1308eda5ed1caba1a77fc5b_JaffaCakes118.exe
Size

104KB
MD5

a2417101d1308eda5ed1caba1a77fc5b
SHA1

e3b8dd429dd61b666696950563f15aaee1c444fd
SHA256

df42d999da3b66f2199f812fad8ad2c24f934bda36a195c58e8b2ae5dd5249dc
SHA512

3b9c595a69da22f99f67d06e1c2e5b07a033cc8213de6c6af436a905a225d9b3d1b92d62eb3c0ead767c5d4f5a7c6524d75b8e89ffff567cf3f62a1e9dafc18d
SSDEEP

1536:0aMmKEB9SeVOkNV9qpAUY539HpWwmgNkww5lx5lvLvEWgDAgvWSr:O29xzP53PWwnzelxEA8r

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1656-0-0x0000000000400000-0x0000000000459000-memory.dmp	upx
behavioral2/memory/1656-2-0x0000000000400000-0x0000000000459000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2368	1656	WerFault.exe	85
4716	1656	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\a2417101d1308eda5ed1caba1a77fc5b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a2417101d1308eda5ed1caba1a77fc5b_JaffaCakes118.exe"
1⤵
PID:1656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
  2⤵
  - Program crash
  PID:2368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 220
  2⤵
  - Program crash
  PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1656 -ip 1656
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1656 -ip 1656
1⤵
PID:116

memory/1656-0-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1656-2-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download