b98404e703ad11858fb28d4201059181ac75033d1fff40caab73dce0adb6ad57

General

Target

82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe
Size

89KB
MD5

82a80c47e51c6dae8c84a361690563df
SHA1

82c23d46fa52cb5126e7ad590192be09210d7542
SHA256

b98404e703ad11858fb28d4201059181ac75033d1fff40caab73dce0adb6ad57
SHA512

acf73775fab0cc84a5ae8f259c4f5ec71df950447689246989ecb74f6f2cd9e9b673b352db6eb3292914a9825751ab9a4cedd8c476beea8330ffd4847c6aa10b
SSDEEP

1536:r7tEyEPoq7OUesX3Zual9AZ+I1l1LEKBZ/OkhwoAmhAwgYhYaZw7B+:r7tE3jHZ9AwI/5xOkYmhAwFhPq7B+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1944-15-0x0000000000400000-0x0000000002B10000-memory.dmp	upx
behavioral1/memory/1944-17-0x0000000000400000-0x0000000002B10000-memory.dmp	upx
behavioral1/memory/1944-14-0x0000000000400000-0x0000000002B10000-memory.dmp	upx
behavioral1/memory/1944-6-0x0000000000400000-0x0000000002B10000-memory.dmp	upx
behavioral1/memory/1944-11-0x0000000000400000-0x0000000002B10000-memory.dmp	upx
behavioral1/memory/1944-7-0x0000000000400000-0x0000000002B10000-memory.dmp	upx
behavioral1/memory/1944-19-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1944-16-0x0000000000400000-0x0000000002B10000-memory.dmp	upx
behavioral1/memory/1944-20-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1944-22-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1944-24-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1944-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1944-28-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1944-31-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1944-33-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1704 set thread context of 1944	1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe	28

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe
1944	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe
1944	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe
1944	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe
1944	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe
1944	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe
1944	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1944	1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe	28
PID 1704 wrote to memory of 1944	1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe	28
PID 1704 wrote to memory of 1944	1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe	28
PID 1704 wrote to memory of 1944	1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe	28
PID 1704 wrote to memory of 1944	1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe	28
PID 1704 wrote to memory of 1944	1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe	28
PID 1704 wrote to memory of 1944	1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe	28
PID 1704 wrote to memory of 1944	1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe	28
PID 1704 wrote to memory of 1944	1704	82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\82a80c47e51c6dae8c84a361690563df_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1704-12-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1704-5-0x00000000002F0000-0x00000000002F4000-memory.dmp

Filesize
16KB

Download
memory/1944-18-0x0000000000407000-0x0000000000409000-memory.dmp

Filesize
8KB

Download
memory/1944-3-0x0000000000400000-0x0000000002B10000-memory.dmp

Filesize
39.1MB

Download
memory/1944-17-0x0000000000400000-0x0000000002B10000-memory.dmp

Filesize
39.1MB

Download
memory/1944-14-0x0000000000400000-0x0000000002B10000-memory.dmp

Filesize
39.1MB

Download
memory/1944-6-0x0000000000400000-0x0000000002B10000-memory.dmp

Filesize
39.1MB

Download
memory/1944-11-0x0000000000400000-0x0000000002B10000-memory.dmp

Filesize
39.1MB

Download
memory/1944-7-0x0000000000400000-0x0000000002B10000-memory.dmp

Filesize
39.1MB

Download
memory/1944-19-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1944-0-0x00000000001B0000-0x00000000002AA000-memory.dmp

Filesize
1000KB

Download
memory/1944-15-0x0000000000400000-0x0000000002B10000-memory.dmp

Filesize
39.1MB

Download
memory/1944-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1944-16-0x0000000000400000-0x0000000002B10000-memory.dmp

Filesize
39.1MB

Download
memory/1944-20-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1944-22-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1944-24-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1944-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1944-28-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1944-31-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1944-33-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing