01d55cfad345c8a4250edb551093c8b5917a8a011e6b4613d0e0d08f46ee8542

Analysis

max time kernel
148s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 07:27

Target

00297804c3d1531a1a26087cc07155b3_JaffaCakes118.exe
Size

18KB
MD5

00297804c3d1531a1a26087cc07155b3
SHA1

ab12ff7e34812d5503b11faf73b5e385c062fa63
SHA256

01d55cfad345c8a4250edb551093c8b5917a8a011e6b4613d0e0d08f46ee8542
SHA512

3bc3c23b9a1bf7b584fd3de01f7f56b9cf4ff56fa89a59a30ed5d1e4d5700fa6d660fce90c844791e33a66cd4cc8bb23b7a2fdab3c00a2c1836a93f15f845490
SSDEEP

384:pXHcyAInJmKhJHP1fMsXGIOKjTwr0Z0XteJt3by:pXHc1IwKRftZjTw80X+t3

Score

5^/10

upx

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2904-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-9-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-10-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-11-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2904-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system.ini	00297804c3d1531a1a26087cc07155b3_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\00297804c3d1531a1a26087cc07155b3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\00297804c3d1531a1a26087cc07155b3_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:2904

memory/2904-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-9-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-10-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2904-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download