7050394b7bf2bc04c802d19bbee1d1f64ae319439e0148d5f060f22a1c71cb87

General

Target

182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
Size

1.7MB
MD5

182f588cf0a5745ac63384b84743a358
SHA1

ca1b7a0c0ae141dfd0a42c133fe664d0023acd6b
SHA256

7050394b7bf2bc04c802d19bbee1d1f64ae319439e0148d5f060f22a1c71cb87
SHA512

b8085074a312acd77e2f39c40b9466b0587099876906e55459a7d48599b491fcdd92931d184314f63e89c3599b842209b1f9029fd162ae0517b80342a289fc61
SSDEEP

12288:5wawSwaw1wawSwawMh8wawSwaw1wawSwawMh:U5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3788-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-1-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/files/0x000700000002321c-6.dat	upx
behavioral2/memory/3788-18-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-19-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-20-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-21-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-22-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-23-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-24-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-25-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-26-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-27-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-28-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-29-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3788-30-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Drops file in Windows directory 17 IoCs

description	ioc	Process
File created	C:\Windows\win32dc\DAoC(hack).exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\DAoC(hack).exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Counter-Strike trainer.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File created	C:\Windows\win32dc\Quake3 + codes.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Sims 2(serial).exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File created	C:\Windows\win32dc\BattleField 1942 + codes.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File created	C:\Windows\win32dc\Doom 3 patch.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Doom 3 patch.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File created	C:\Windows\win32dc\UT2004_serial.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File created	C:\Windows\win32dc\Doom 3_trainer.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File created	C:\Windows\win32dc\Sims 2(serial).exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File created	C:\Windows\win32dc\Counter-Strike trainer.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\UT2004_serial.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File created	C:\Windows\win32dc\Sims 2 + serial.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Sims 2 + serial.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File created	C:\Windows\win32dc\Half-Life 2 + cdfix.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2 + cdfix.exe	182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\182f588cf0a5745ac63384b84743a358_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:3788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\Counter-Strike trainer.exe

Filesize
1.7MB

MD5
77d7a76def106096aad36c76f28802ae

SHA1
ecb64a97c76d4f72c558f036f89dc2d6a9b83f4f

SHA256
80654613455e3e64cddaf7f92aef6c07e7a8326cb8486c9413d9a414466e86ca

SHA512
b9e1468638ce39149fc36a06f1773903adf610bdd73be32fe4e2da697e1e3671fa18bd689ccd3d9b57d418f627a9d52c133d340832eeae31c3d206c230044e5a

Download Submit
memory/3788-23-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-26-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-18-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-19-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-20-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-21-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-1-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-24-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-22-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-25-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-27-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-28-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-29-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3788-30-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads