6e9834a7440cb1a6b2b1ee6bb57b3b396079f81839c689c0c4a065f12eea6869

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 08:10

Target

1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe
Size

85KB
MD5

1a8c4d88c4fa380ff11f201f8ceb976b
SHA1

f41a3ae18c30aaf2724d6b71702ec3927464e6c3
SHA256

6e9834a7440cb1a6b2b1ee6bb57b3b396079f81839c689c0c4a065f12eea6869
SHA512

33295b759344db2b1e6fb342d1da01172cc252f4097f63e6ae9fc76e30e0a2ec91375318293ffca4e8b928ea0f76ca78d82bca6a3894e8ce918893f535e65ae3
SSDEEP

1536:tzTV8ja1LqV51oLUQutfTKR/kCRu2Afl89t4+7o7GT8ER27xXWuTDPZp0a1FcJqT:tvV8ja1+ZoLUQUf2/kCY2Afl89jFR21T

Score

7^/10

VMProtect packed file 2 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

behavioral1/memory/1936-0-0x0000000000400000-0x0000000000425000-memory.dmp vmprotect
behavioral1/memory/1936-1-0x0000000000400000-0x0000000000425000-memory.dmp vmprotect
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe

pid process

1936 1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe

resource	yara_rule
behavioral1/memory/1936-0-0x0000000000400000-0x0000000000425000-memory.dmp	vmprotect
behavioral1/memory/1936-1-0x0000000000400000-0x0000000000425000-memory.dmp	vmprotect

pid	process
1936	1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:1936

memory/1936-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1936-1-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download