3898663df820568ce9e4d535e8ee1596556385a89680b5e50430fab330c7ef47

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 17:54

Target

ff10937cf01773edd8bb795d6552a473_JaffaCakes118.exe
Size

1.2MB
MD5

ff10937cf01773edd8bb795d6552a473
SHA1

ef3c120073889a0ec2ea2b6032e085f1d91b6897
SHA256

3898663df820568ce9e4d535e8ee1596556385a89680b5e50430fab330c7ef47
SHA512

5a1775885af8006c9daf285652b76674a81ed5163b1b7d2fa1c7b558e6062f7dde1fe26677d75a22def4f96c251939c1a14e82fd6e0fa2ed65050c88c9d92c34
SSDEEP

24576:1RiJc9p13Ogw0+2JtCxqfmYFKZLBzn9n1Gaa0xSRmjcaP1FJzGX+9m3PrU:1Rb/3VRptrmYFKZFJ1a0xSU97Zi+Qg

Score

7^/10

themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
behavioral1/memory/2508-4-0x0000000000400000-0x000000000064C000-memory.dmp	themida

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 1180	2508	ff10937cf01773edd8bb795d6552a473_JaffaCakes118.exe	21
PID 2508 wrote to memory of 1180	2508	ff10937cf01773edd8bb795d6552a473_JaffaCakes118.exe	21
PID 2508 wrote to memory of 1180	2508	ff10937cf01773edd8bb795d6552a473_JaffaCakes118.exe	21
PID 2508 wrote to memory of 1180	2508	ff10937cf01773edd8bb795d6552a473_JaffaCakes118.exe	21
PID 2508 wrote to memory of 1180	2508	ff10937cf01773edd8bb795d6552a473_JaffaCakes118.exe	21
PID 2508 wrote to memory of 1180	2508	ff10937cf01773edd8bb795d6552a473_JaffaCakes118.exe	21

memory/1180-6-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1180-12-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/2508-0-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2508-1-0x0000000000650000-0x0000000000721000-memory.dmp

Filesize
836KB

Download
memory/2508-4-0x0000000000400000-0x000000000064C000-memory.dmp

Filesize
2.3MB

Download
memory/2508-3-0x0000000000401000-0x0000000000408000-memory.dmp

Filesize
28KB

Download
memory/2508-2-0x0000000004240000-0x0000000004242000-memory.dmp

Filesize
8KB

Download