05c1a06ae5d97821d6d495f478965b45326bfd869502258b4cc123d78d54e7f9

General

Target

05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
Size

283KB
MD5

05f73e480c01d1f965493b324d36ecf2
SHA1

e15e13cd756cda97d607d9e2326b78d1a262cfbc
SHA256

05c1a06ae5d97821d6d495f478965b45326bfd869502258b4cc123d78d54e7f9
SHA512

987af2c4819bf792e9a601707f5daa288e6bc8c4bbdea4bd990c74d8a9a3aaed8b7ee5bfb2847b2da92d0f1855ec2fa31748e4a790eefae9013e21cd67119668
SSDEEP

6144:SUp/B8APOTBj5zzZVTB6JENPDXclQ9DK9mBaUZhDRPYu:SGO1Vz3TB6UTclQ9v9Yu

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0033000000014983-3.dat	acprotect
behavioral1/files/0x0007000000014e5a-61.dat	acprotect
behavioral1/files/0x0007000000015023-79.dat	acprotect

Loads dropped DLL 35 IoCs

pid	Process
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
2936	05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0033000000014983-3.dat	upx
behavioral1/memory/2936-5-0x0000000074620000-0x0000000074689000-memory.dmp	upx
behavioral1/memory/2936-57-0x0000000074620000-0x0000000074689000-memory.dmp	upx
behavioral1/memory/2936-32-0x0000000074590000-0x00000000745F9000-memory.dmp	upx
behavioral1/memory/2936-27-0x0000000074620000-0x0000000074689000-memory.dmp	upx
behavioral1/files/0x0007000000014e5a-61.dat	upx
behavioral1/memory/2936-64-0x0000000074670000-0x0000000074687000-memory.dmp	upx
behavioral1/memory/2936-63-0x0000000074590000-0x00000000745F9000-memory.dmp	upx
behavioral1/memory/2936-71-0x0000000074590000-0x00000000745F9000-memory.dmp	upx
behavioral1/memory/2936-92-0x00000000743A0000-0x0000000074409000-memory.dmp	upx
behavioral1/memory/2936-113-0x0000000074410000-0x0000000074479000-memory.dmp	upx
behavioral1/memory/2936-86-0x0000000074680000-0x000000007468A000-memory.dmp	upx
behavioral1/files/0x0007000000015023-79.dat	upx
behavioral1/memory/2936-78-0x0000000074460000-0x0000000074477000-memory.dmp	upx
behavioral1/memory/2936-147-0x0000000074410000-0x0000000074479000-memory.dmp	upx
behavioral1/memory/2936-158-0x00000000742C0000-0x0000000074329000-memory.dmp	upx
behavioral1/memory/2936-167-0x0000000074410000-0x0000000074479000-memory.dmp	upx
behavioral1/memory/2936-170-0x00000000742C0000-0x0000000074329000-memory.dmp	upx
behavioral1/memory/2936-175-0x0000000074410000-0x0000000074479000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\05f73e480c01d1f965493b324d36ecf2_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nst13D0.tmp\extra.dll

Filesize
177KB

MD5
ddc0cd4c52586a7d90e498a660f4c771

SHA1
493f0f3d65018a7e659bef143665f495ad9251ed

SHA256
2df15d16e5b37de207c58f86770e82b1bbc21788c9560f34450acb48a9c5c208

SHA512
3e2f8cce4a9469cd94472ffa96217d6279cea2326c738460aa5d111b9b1036a728cccd47fab561d564b26a8187f4fd527cc1d16070eb6f9fb0e296cd4b3a24cf

Download Submit
\Users\Admin\AppData\Local\Temp\nst13D0.tmp\nsJSON.dll

Filesize
7KB

MD5
78b913fcd04259634a5e901c616e6074

SHA1
ad5e1c651851a1125bcad79b01ccdcfa45df4799

SHA256
e3ce60666bb88c2412615ef9f432ec24e219532dee5cc1c7aebc65ed9ec94d59

SHA512
cbe07179dd93011f3d9a8f83541961ff34fb83d96658ac82a433ef0aa3399b183eaec3e6a49ec1c1e478d1eada2d3ebc78ffb1ae0574984ae66a7a9cab5d59e5

Download Submit
\Users\Admin\AppData\Local\Temp\nst13D0.tmp\sign.dll

Filesize
32KB

MD5
d30b6c8d2f38e6abbb2f39bac0808bc0

SHA1
f1bca6416ae0f4c52e5b076381c72b18472954d8

SHA256
1f2b4549129c1b98c5674fe363a0267376dfd623323c5815216043dfa7fe1f2a

SHA512
3bf03d839ffa04c1d5eeb89a6405820ab2eea3548050e730255df7e84dfc729157c0d5c7eceeead5e8e1f4aa23777fe78a5582f0772c85bf0f793dd245a887e8

Download Submit
memory/2936-87-0x0000000074620000-0x0000000074689000-memory.dmp

Filesize
420KB

Download
memory/2936-78-0x0000000074460000-0x0000000074477000-memory.dmp

Filesize
92KB

Download
memory/2936-27-0x0000000074620000-0x0000000074689000-memory.dmp

Filesize
420KB

Download
memory/2936-57-0x0000000074620000-0x0000000074689000-memory.dmp

Filesize
420KB

Download
memory/2936-64-0x0000000074670000-0x0000000074687000-memory.dmp

Filesize
92KB

Download
memory/2936-63-0x0000000074590000-0x00000000745F9000-memory.dmp

Filesize
420KB

Download
memory/2936-71-0x0000000074590000-0x00000000745F9000-memory.dmp

Filesize
420KB

Download
memory/2936-92-0x00000000743A0000-0x0000000074409000-memory.dmp

Filesize
420KB

Download
memory/2936-5-0x0000000074620000-0x0000000074689000-memory.dmp

Filesize
420KB

Download
memory/2936-112-0x00000000743A0000-0x0000000074409000-memory.dmp

Filesize
420KB

Download
memory/2936-111-0x0000000074410000-0x0000000074479000-memory.dmp

Filesize
420KB

Download
memory/2936-102-0x00000000743A0000-0x0000000074409000-memory.dmp

Filesize
420KB

Download
memory/2936-97-0x0000000074410000-0x0000000074479000-memory.dmp

Filesize
420KB

Download
memory/2936-19-0x0000000074620000-0x0000000074689000-memory.dmp

Filesize
420KB

Download
memory/2936-32-0x0000000074590000-0x00000000745F9000-memory.dmp

Filesize
420KB

Download
memory/2936-86-0x0000000074680000-0x000000007468A000-memory.dmp

Filesize
40KB

Download
memory/2936-113-0x0000000074410000-0x0000000074479000-memory.dmp

Filesize
420KB

Download
memory/2936-81-0x0000000074590000-0x00000000745F9000-memory.dmp

Filesize
420KB

Download
memory/2936-77-0x0000000074410000-0x0000000074479000-memory.dmp

Filesize
420KB

Download
memory/2936-150-0x00000000742C0000-0x0000000074329000-memory.dmp

Filesize
420KB

Download
memory/2936-149-0x00000000742C0000-0x0000000074329000-memory.dmp

Filesize
420KB

Download
memory/2936-148-0x00000000742C0000-0x0000000074329000-memory.dmp

Filesize
420KB

Download
memory/2936-147-0x0000000074410000-0x0000000074479000-memory.dmp

Filesize
420KB

Download
memory/2936-146-0x00000000742C0000-0x0000000074329000-memory.dmp

Filesize
420KB

Download
memory/2936-158-0x00000000742C0000-0x0000000074329000-memory.dmp

Filesize
420KB

Download
memory/2936-167-0x0000000074410000-0x0000000074479000-memory.dmp

Filesize
420KB

Download
memory/2936-170-0x00000000742C0000-0x0000000074329000-memory.dmp

Filesize
420KB

Download
memory/2936-169-0x00000000743A0000-0x0000000074409000-memory.dmp

Filesize
420KB

Download
memory/2936-168-0x0000000074460000-0x0000000074477000-memory.dmp

Filesize
92KB

Download
memory/2936-175-0x0000000074410000-0x0000000074479000-memory.dmp

Filesize
420KB

Download
memory/2936-176-0x00000000743A0000-0x0000000074409000-memory.dmp

Filesize
420KB

Download
memory/2936-183-0x0000000074460000-0x0000000074473000-memory.dmp

Filesize
76KB

Download

Analysis

Sharing