4b00ca11ea1f2f17e0d9b07a34bd4496ff08cde8f140656c6b9cf8391491335a

Analysis

max time kernel
115s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
Size

133KB
MD5

aca8af5141debe681e49bbc156a385f8
SHA1

4edec954fcb1c8c014e4da2ca21f9d3f0096ef0f
SHA256

4b00ca11ea1f2f17e0d9b07a34bd4496ff08cde8f140656c6b9cf8391491335a
SHA512

7a8ee1b2b490f7184e2d2536640d1c504b2ddd1cf2f35b5a78a965891b7882945b8f5dbcb990e4d0b2da58912d7770e140b8398c12cf8056865bb53dab114ff9
SSDEEP

1536:QeNFrlTvbbVladlSgUG2+f2WTt9fpOQLgPui6M0vtKQOLw/2Nj:hRnYlVV2+f2IjpgmiRcAQzU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2676-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2676-75-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Gniqh2	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\W2CS2	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\8xuuEFl	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\8nngEoL	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\pA8P1O	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\VQjKpNoC	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\8UHe2P	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\lnE1ok7SVo	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\a1PWcH	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\l2X358N	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\TOx3x5Y	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\nJtf64j	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\4IWYB	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\r7WdPkmtN	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\sXQAwehfl	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\GcCSso	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\RCLHfsoVKo	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\VfboROYGFY	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\Sg8JQhcb	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\oHjigD3tfi	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\SL4Gxd	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\tNbbFn	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\dWmqNQboc	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\1cUWTTc4e	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\bnGVMejdQS	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\1fQKO	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\wkxxch3S	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\dVgu63	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\DGweBm	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\OmW4hGUmrl	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\uhbYm	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\3tvJyeq	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\7msMUWiACu	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\mYDaRfcd	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\VQJPHi	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\7TtKhaDt2e	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\Mv8FNpV2hK	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\gUu2n5	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\eVOOvF	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\1euCH41Y2	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\k1atV	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\qRgYu374	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\WXtYjgGvWB	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\mrq5K4P	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\XJ5lf4C	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\Y4uGYpB	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\NxQK1	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\pyxFWS2S	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\2Qvsv	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\hkwRCVmf3P	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\oemKQGlTS	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\Iul4M	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\aPGWPE	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\ABrHyOQF	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\eDFchX7Gu	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\sGVbix	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\5hJOk1N	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\tfHvVM	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\SnAF2h	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\GDfBH3qm	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\CVkCg6GGje	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\csaYl7Vra4	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\dTU6n3qcO	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
File opened for modification	C:\Windows\74eKv	aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1596	2676	WerFault.exe	83

C:\Users\Admin\AppData\Local\Temp\aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aca8af5141debe681e49bbc156a385f8_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:2676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 220
  2⤵
  - Program crash
  PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2676 -ip 2676
1⤵
PID:5048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2676-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2676-74-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2676-75-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads