76ed3c2d6269a882b2046bdde810a8abbbc7b938fdd72e2c431c198dfb4b40ff

General

Target

68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
Size

1014KB
MD5

68506472291b09e61f02fb3713bc0bd0
SHA1

f939581a6dd8d9104f3bde7503500b9d252d3c46
SHA256

76ed3c2d6269a882b2046bdde810a8abbbc7b938fdd72e2c431c198dfb4b40ff
SHA512

0601f20bd9b3586bb66852ddea8aebce526f7f263694b05a2b92a2f1e1956c34583c8d4bb87bfda8e9de492b6bacb4ecdea1fda8fe1d2762f667bc54e61939fa
SSDEEP

24576:gRmJkcoQricOIQxiZY1WNt+xcgCVoUJOZFiWXkgWa:VJZoQrbTFZY1WNt++gCVoUJQAWX1

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral1/memory/1368-0-0x0000000000400000-0x00000000004AF000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe

pid process

1368 68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe

pid	process
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe

pid	process
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
1368	68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68506472291b09e61f02fb3713bc0bd0_JaffaCakes118.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\superautoscript\scriptperso\zoometendu.scr

Filesize
8B

MD5
37cc0387b1bfaf141132bbfdee303267

SHA1
a39e40a97137e81ed0e7c1ca474ee3ba709dcf7b

SHA256
3706c6c14460ab1db5c73acbcd6dec3f63210df0cc6a382bbe7155c4cced8091

SHA512
e3c4064432379e65114082cdedd60796d21994a0da4d5fb91cdda19d2a05ff86eb1e380649c6b9bc670a45c53162b6c485d965caa3da6252c3ccf05d0f5b5ae0

Download Submit
memory/1368-0-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads