2dcb3b067ba5d037cc367dd6749534130cd62a986ac0dac78fcf895fc69942ac

Analysis

max time kernel
8s
max time network
11s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08c135bf6deb09a8683bf9c4a099c1be_JaffaCakes118.exe
Size

1.9MB
MD5

08c135bf6deb09a8683bf9c4a099c1be
SHA1

f81ef61cb07030da178bb28005d5214f909a0135
SHA256

2dcb3b067ba5d037cc367dd6749534130cd62a986ac0dac78fcf895fc69942ac
SHA512

7b096f02b1e1151cf7335cf21cf223c463dcddb9b758769378910be507afe612e13723b82e3ac6db299dfb52975af3f4774a1a152b6fdbbf795abe2c86ba3910
SSDEEP

49152:Lz071uv4BPMkibTIA5KIP7nTrmBhihM5xC+U1g:NABH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1420-0-0x000000013F3D0000-0x000000013F7C2000-memory.dmp	upx
behavioral1/files/0x000c000000014b27-6.dat	upx
behavioral1/files/0x002e00000001508a-11.dat	upx
behavioral1/files/0x000700000001568c-26.dat	upx
behavioral1/files/0x0007000000015be6-30.dat	upx
behavioral1/files/0x0007000000004e76-39.dat	upx
behavioral1/files/0x0007000000015d9b-47.dat	upx
behavioral1/files/0x0006000000015e3a-51.dat	upx
behavioral1/files/0x0006000000015fe9-63.dat	upx
behavioral1/files/0x00060000000161e7-72.dat	upx
behavioral1/files/0x0006000000016572-84.dat	upx
behavioral1/files/0x0006000000016cb7-112.dat	upx
behavioral1/files/0x0006000000016d26-128.dat	upx

C:\Users\Admin\AppData\Local\Temp\08c135bf6deb09a8683bf9c4a099c1be_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08c135bf6deb09a8683bf9c4a099c1be_JaffaCakes118.exe"
1⤵
PID:1420
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  PID:2152
- C:\Windows\System\ScXPRsX.exe
  C:\Windows\System\ScXPRsX.exe
  2⤵
  PID:2632
- C:\Windows\System\UDkREnE.exe
  C:\Windows\System\UDkREnE.exe
  2⤵
  PID:2600
- C:\Windows\System\mjWucqn.exe
  C:\Windows\System\mjWucqn.exe
  2⤵
  PID:2592
- C:\Windows\System\OCVZxhl.exe
  C:\Windows\System\OCVZxhl.exe
  2⤵
  PID:2928
- C:\Windows\System\IWXxSaL.exe
  C:\Windows\System\IWXxSaL.exe
  2⤵
  PID:2196
- C:\Windows\System\TTEljEa.exe
  C:\Windows\System\TTEljEa.exe
  2⤵
  PID:2776
- C:\Windows\System\nYzdLDn.exe
  C:\Windows\System\nYzdLDn.exe
  2⤵
  PID:1964
- C:\Windows\System\NDshfKa.exe
  C:\Windows\System\NDshfKa.exe
  2⤵
  PID:604
- C:\Windows\System\snOnqeR.exe
  C:\Windows\System\snOnqeR.exe
  2⤵
  PID:1828
- C:\Windows\System\VEykLlN.exe
  C:\Windows\System\VEykLlN.exe
  2⤵
  PID:1984
- C:\Windows\System\tClKdLz.exe
  C:\Windows\System\tClKdLz.exe
  2⤵
  PID:2752
- C:\Windows\System\SFjUnwf.exe
  C:\Windows\System\SFjUnwf.exe
  2⤵
  PID:2696
- C:\Windows\System\kyDzAKg.exe
  C:\Windows\System\kyDzAKg.exe
  2⤵
  PID:2520
- C:\Windows\System\vTvqIpf.exe
  C:\Windows\System\vTvqIpf.exe
  2⤵
  PID:2816
- C:\Windows\System\AomEoGz.exe
  C:\Windows\System\AomEoGz.exe
  2⤵
  PID:3040
- C:\Windows\System\WfbBmYA.exe
  C:\Windows\System\WfbBmYA.exe
  2⤵
  PID:2664
- C:\Windows\System\DOOZgSz.exe
  C:\Windows\System\DOOZgSz.exe
  2⤵
  PID:1416
- C:\Windows\System\ZxOfeOJ.exe
  C:\Windows\System\ZxOfeOJ.exe
  2⤵
  PID:1752
- C:\Windows\System\fQEcTWv.exe
  C:\Windows\System\fQEcTWv.exe
  2⤵
  PID:1264
- C:\Windows\System\LdkUlhZ.exe
  C:\Windows\System\LdkUlhZ.exe
  2⤵
  PID:2224
- C:\Windows\System\nxshisI.exe
  C:\Windows\System\nxshisI.exe
  2⤵
  PID:3044
- C:\Windows\System\jGdYohT.exe
  C:\Windows\System\jGdYohT.exe
  2⤵
  PID:2624
- C:\Windows\System\mcjfxwY.exe
  C:\Windows\System\mcjfxwY.exe
  2⤵
  PID:1668
- C:\Windows\System\eJSUAOK.exe
  C:\Windows\System\eJSUAOK.exe
  2⤵
  PID:2504
- C:\Windows\System\PDXGLNI.exe
  C:\Windows\System\PDXGLNI.exe
  2⤵
  PID:1328
- C:\Windows\System\TImopOB.exe
  C:\Windows\System\TImopOB.exe
  2⤵
  PID:2636
- C:\Windows\System\ABLtdPh.exe
  C:\Windows\System\ABLtdPh.exe
  2⤵
  PID:2288
- C:\Windows\System\gyhikXO.exe
  C:\Windows\System\gyhikXO.exe
  2⤵
  PID:876
- C:\Windows\System\VGaIHgo.exe
  C:\Windows\System\VGaIHgo.exe
  2⤵
  PID:588
- C:\Windows\System\AeIwIKR.exe
  C:\Windows\System\AeIwIKR.exe
  2⤵
  PID:712
- C:\Windows\System\WOTsQLa.exe
  C:\Windows\System\WOTsQLa.exe
  2⤵
  PID:608
- C:\Windows\System\OtUHEri.exe
  C:\Windows\System\OtUHEri.exe
  2⤵
  PID:2136
- C:\Windows\System\XZhwcCR.exe
  C:\Windows\System\XZhwcCR.exe
  2⤵
  PID:1520
- C:\Windows\System\GLDQxmw.exe
  C:\Windows\System\GLDQxmw.exe
  2⤵
  PID:6284
- C:\Windows\System\teXpavg.exe
  C:\Windows\System\teXpavg.exe
  2⤵
  PID:6300
- C:\Windows\System\zciIxqm.exe
  C:\Windows\System\zciIxqm.exe
  2⤵
  PID:6316
- C:\Windows\System\iSODTGS.exe
  C:\Windows\System\iSODTGS.exe
  2⤵
  PID:6752
- C:\Windows\System\ziJPsuF.exe
  C:\Windows\System\ziJPsuF.exe
  2⤵
  PID:6896
- C:\Windows\System\tWKeAtK.exe
  C:\Windows\System\tWKeAtK.exe
  2⤵
  PID:6952
- C:\Windows\System\PooYqsN.exe
  C:\Windows\System\PooYqsN.exe
  2⤵
  PID:6968
- C:\Windows\System\CBTPcWk.exe
  C:\Windows\System\CBTPcWk.exe
  2⤵
  PID:7052
- C:\Windows\System\JQjvMeR.exe
  C:\Windows\System\JQjvMeR.exe
  2⤵
  PID:7132
- C:\Windows\System\AdcgrKT.exe
  C:\Windows\System\AdcgrKT.exe
  2⤵
  PID:7164
- C:\Windows\System\GArrbZo.exe
  C:\Windows\System\GArrbZo.exe
  2⤵
  PID:4340
- C:\Windows\System\cFLmokF.exe
  C:\Windows\System\cFLmokF.exe
  2⤵
  PID:4504
- C:\Windows\System\wOOjwPN.exe
  C:\Windows\System\wOOjwPN.exe
  2⤵
  PID:1996
- C:\Windows\System\omoViaP.exe
  C:\Windows\System\omoViaP.exe
  2⤵
  PID:2688
- C:\Windows\System\ROrscdk.exe
  C:\Windows\System\ROrscdk.exe
  2⤵
  PID:3080
- C:\Windows\System\yTqCfRI.exe
  C:\Windows\System\yTqCfRI.exe
  2⤵
  PID:4976
- C:\Windows\System\TmIJHyL.exe
  C:\Windows\System\TmIJHyL.exe
  2⤵
  PID:3204
- C:\Windows\System\DMolhtS.exe
  C:\Windows\System\DMolhtS.exe
  2⤵
  PID:5048
- C:\Windows\System\sQIbjFc.exe
  C:\Windows\System\sQIbjFc.exe
  2⤵
  PID:5080
- C:\Windows\System\MxmagRC.exe
  C:\Windows\System\MxmagRC.exe
  2⤵
  PID:3272
- C:\Windows\System\IFTXfPv.exe
  C:\Windows\System\IFTXfPv.exe
  2⤵
  PID:5152
- C:\Windows\System\EVGYsCw.exe
  C:\Windows\System\EVGYsCw.exe
  2⤵
  PID:3336
- C:\Windows\System\hKJMRce.exe
  C:\Windows\System\hKJMRce.exe
  2⤵
  PID:5248
- C:\Windows\System\cWBFoqH.exe
  C:\Windows\System\cWBFoqH.exe
  2⤵
  PID:5280
- C:\Windows\System\qoowhRD.exe
  C:\Windows\System\qoowhRD.exe
  2⤵
  PID:5380
- C:\Windows\System\JwCTnAn.exe
  C:\Windows\System\JwCTnAn.exe
  2⤵
  PID:5488
- C:\Windows\System\BAidtXu.exe
  C:\Windows\System\BAidtXu.exe
  2⤵
  PID:5556
- C:\Windows\System\Gztfrfg.exe
  C:\Windows\System\Gztfrfg.exe
  2⤵
  PID:5484
- C:\Windows\System\cDUBdXi.exe
  C:\Windows\System\cDUBdXi.exe
  2⤵
  PID:3496
- C:\Windows\System\yrAWiTC.exe
  C:\Windows\System\yrAWiTC.exe
  2⤵
  PID:3556
- C:\Windows\System\CZnxXgf.exe
  C:\Windows\System\CZnxXgf.exe
  2⤵
  PID:5724
- C:\Windows\System\klOTrEi.exe
  C:\Windows\System\klOTrEi.exe
  2⤵
  PID:3684
- C:\Windows\System\zuHWHJw.exe
  C:\Windows\System\zuHWHJw.exe
  2⤵
  PID:796
- C:\Windows\System\MlQnmyh.exe
  C:\Windows\System\MlQnmyh.exe
  2⤵
  PID:3128
- C:\Windows\System\MExTKmr.exe
  C:\Windows\System\MExTKmr.exe
  2⤵
  PID:3220
- C:\Windows\System\ekzcvrL.exe
  C:\Windows\System\ekzcvrL.exe
  2⤵
  PID:3284
- C:\Windows\System\QdnRfFp.exe
  C:\Windows\System\QdnRfFp.exe
  2⤵
  PID:3444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\IWXxSaL.exe

Filesize
1.9MB

MD5
f7a1bbe82d6c0e65978114ece2df216e

SHA1
5a06d8fc9d4c387ac64998cc3cbd56741d0ef6c9

SHA256
6bdf705d557ab8590b571aeafce01077fa809147fc6eaa67b85e9a4bbc828634

SHA512
48a3a0340b5290e933e84ec45719be1cd648602cc6bc1fb4efd2bc5ef7a843fc1a09e63526d5ac39b86e57ad60a54bfd69b8609777a6b6c2e414fa9d8c23c96c

Download Submit
C:\Windows\system\JONDkFz.exe

Filesize
1.9MB

MD5
96182f1cbcfb6dc7d1facf9ad7a9e46a

SHA1
2d690859ab67069cb79b70f8f59b94f55a969b44

SHA256
06aa8b1bcd3488ccbba6438a7982fd004d73744039369a32d31fd0734aa3a4fb

SHA512
906b3b1f631499941390ae9b9744b1a1a750c765d76e3ce097bd6088b3cd9e82bdbed0a48b86940bccdca0990f7fd0f70b9764994e1a53fdaceac0812ca9294e

Download Submit
C:\Windows\system\MoUnlRi.exe

Filesize
1.9MB

MD5
cfe339630d9b18f18dc0110c6cd4aa5b

SHA1
651e03f8b9bffbf11cfc60da7f6fbf1a3c4441ac

SHA256
1923a7f1f24628eb9b111fb6f040657cbd9059621c7ae5821053506a46d47798

SHA512
a670b9f3790f97a1a399c9c953afdcf13d75eec860e07163f0873d34342d7a057b8dab42435451d6ab5e73d085cf0db8e9cdfa21e50c0059e93bea101a9dcccb

Download Submit
C:\Windows\system\OCVZxhl.exe

Filesize
1.9MB

MD5
09b5c956562329007744f11ca7b5fab2

SHA1
a1b847d46ecac4f68bed8801f925c2f5cd4f7829

SHA256
706bb87cbc862e7cb6002392bb22aa65b1653a4b671ee8287e8eae4fc8a23e64

SHA512
ac16fdf235216190ab0c6528d5bc3a8d4a16c18757707e462afc0aee907486d1a7fd49d2ca50a3e8cb4e455eead88adcf81693c2470c2a95c2ee339cc8d58c98

Download Submit
C:\Windows\system\ScXPRsX.exe

Filesize
1.9MB

MD5
00a28f23bae675c5bb1d279b61f4b99f

SHA1
76fbbc13c0d28a1118a27e0a65387ba4226aa334

SHA256
8d4bb4a6c8d3c37a71d91d5f6e9b76304f06f36acfd5a24d96b6b099092d04d4

SHA512
b2bfe0cc495e27bda2021edc0fe850615ce3f8261c40518e46aaca0ab95319367bce1125ce9b1677d52dfd7d5c2d5379ef501eddd03713d914e7330ea37f2c88

Download Submit
C:\Windows\system\UDkREnE.exe

Filesize
1.9MB

MD5
ffab45fde62687989ddfa29d78f6d761

SHA1
f8c729f8a3f162764d1ba942e31f223aa435eb53

SHA256
0f7bdb8b8cf0de578edf47b9485bf4cae7f04559ed49ee04ed4a71fb7470c49a

SHA512
1f1a1414c855e6554ae56ccdd61b0102be821e860238c900a8e4fa8456ed402816a884e1329030123f5f9e3276693bb45c5c55c4fcb6ace93aafa45be3b32df3

Download Submit
C:\Windows\system\WKgusMI.exe

Filesize
1.9MB

MD5
7e7045cc22b9360b245d1e4f89f306db

SHA1
912e92c90fe31a73fd4c55acba813aac9f1aaa45

SHA256
f5d73b184358958d1e08d0ca60ce35eabaa43c10155739d49558713cb39dec80

SHA512
a0ded5cd834076c210edb0256ed0fa6277abed076e964460ff09acd0cb8c8aac064cfabb3e0ce7c5e6e899d449c22dc44147348fb63ec8a2955c64bc5d039754

Download Submit
C:\Windows\system\jZeRgdn.exe

Filesize
1.9MB

MD5
d8f436626c8a3a5e3a7453948d5e5d5a

SHA1
05a729468e67c1f8613dbb3ea57294a304e89811

SHA256
2d77addf61b721e21f26eb47a74a9311529042f9586066ee8d1c6c451db276ca

SHA512
7a57b065be60d8f5b1ad7cee0293e0e2d32d310e139e0181c5f50ed8069241524a8dce85fc7a17aa5bff5bc45d2e5eaeb604f573fa7b256ffca39b19f2274a13

Download Submit
C:\Windows\system\lSeNwRx.exe

Filesize
1.9MB

MD5
b7c47f62859672e36dab8314ba70ff66

SHA1
5bcc8ae772d1156522903aeef78e7b2038e9db5c

SHA256
4e24d4493dc267847adde2102d6fc3ad2b214193a437985d1d45f1eb8865f2ec

SHA512
834314e59a2ee3f3499c7b5c1c5728486e60e9385e64a72c013a48764336f0ab27ad3e668859eba7b2ea7c230558b331f7e8a7486eb20426374005b97d46c5cd

Download Submit
C:\Windows\system\mjWucqn.exe

Filesize
1.9MB

MD5
b642fe9f3f07144f34bf3082cb221430

SHA1
04a3b1be34d6e60664bdd41134e22d47d7260ba4

SHA256
e569e13c80b280abfec6a9deb4aa434d595e33e4ef24a02cdac7c4143d4b9331

SHA512
71f9ae414ffbef752aed071ba94e1b9d083e1286df9623fcbd862c8d79995b23026375bbef9553557470fac8a63ea7703f96e7a8df29e1c1c7aadd13574a88ca

Download Submit
C:\Windows\system\vULLPLl.exe

Filesize
1.9MB

MD5
339d2c20ea5f1451c9b4aa2eb34f9f2a

SHA1
45ddb2abfcc2cb9abebaf821f027a5fa8fe12807

SHA256
4edee93121a09ed85564cf5cb62e23f31ae5b8438bd57a2feffed822afeaa6ca

SHA512
3fc8407ec5fbd8e8cdf8f518d7990ce52e7b9cf68c948366f19ac795d942f03b82ae109370e26c069b34ea1b6e16a88ccff34ac03923249fcef20da08bfd74f0

Download Submit
C:\Windows\system\wEEklqV.exe

Filesize
1.9MB

MD5
3b3c7b9e27c515a7111db2c214c64d53

SHA1
51ae01c5f421b99063f2ea11bc095d57e4a3dcc6

SHA256
2ab81d9aebf6c5d5aef393da6bdc90fc0606e2beb105871c080130dc04e51464

SHA512
4691bd3c564d52da9ae6bcad317fd1c80447e8deb762d0d32699d099fbfcc7c11c2fe6bd51505c60c51d530b9412a10e122316a800b51666b420e8313f5934a0

Download Submit
memory/1420-35-0x000000013FD60000-0x0000000140152000-memory.dmp

Filesize
3.9MB

Download
memory/1420-0-0x000000013F3D0000-0x000000013F7C2000-memory.dmp

Filesize
3.9MB

Download
memory/1420-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/1420-182-0x000000013FC80000-0x0000000140072000-memory.dmp

Filesize
3.9MB

Download
memory/2152-65-0x000000001B730000-0x000000001BA12000-memory.dmp

Filesize
2.9MB

Download
memory/2152-139-0x0000000002D50000-0x0000000002DD0000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads