42ba36f050188736bc5c3f29d866ba7e68a1ccd00e7a79086b42287189b8fef7

General

Target

378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe
Size

953KB
MD5

378e3c5ed4dc0cb9018f1901f84756bd
SHA1

1d159fcce8ae01478ec801feaf1988f29e62ae8d
SHA256

42ba36f050188736bc5c3f29d866ba7e68a1ccd00e7a79086b42287189b8fef7
SHA512

fc2bb9ab9a35106d4db925aadf9d713348599a40bb9d528c2f1d1ad4b2c4721e0ec867be729c85e0ae184fc1a1515c540f506fbaa7a1f57ef15f0f91e0140eef
SSDEEP

24576:JZbE7lld9tulduNxJ8EjYwdJPwXmfFDFJWK:sldylduNxJ8EkIwWfFD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 23 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2356-6-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-43-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-40-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-34-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-32-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-28-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-24-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-22-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-20-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-18-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-16-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-14-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-10-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-44-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-4-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-2-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-45-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-36-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-30-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-26-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-12-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-8-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx
behavioral2/memory/2356-1-0x0000000000C50000-0x0000000000C89000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2356	378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe
2356	378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe
2356	378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe
2356	378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2356	378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe
2356	378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe
2356	378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe
2356	378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe
2356	378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe
2356	378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\378e3c5ed4dc0cb9018f1901f84756bd_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2356-0-0x0000000000400000-0x000000000066F000-memory.dmp

Filesize
2.4MB

Download
memory/2356-6-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-43-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-40-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-34-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-32-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-28-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-24-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-22-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-20-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-18-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-16-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-14-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-10-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-44-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-4-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-2-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-45-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-36-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-30-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-26-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-12-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-8-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-1-0x0000000000C50000-0x0000000000C89000-memory.dmp

Filesize
228KB

Download
memory/2356-71-0x0000000000400000-0x000000000066F000-memory.dmp

Filesize
2.4MB

Download
memory/2356-73-0x0000000000400000-0x000000000066F000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing