76693e5ac9285df089598ed41211d018cbd1b7c59fa2ed2350cca8c4b5ade8c8

General

Target

3e89bc1f0ea90832b32d8de90feab118_JaffaCakes118.exe
Size

464KB
MD5

3e89bc1f0ea90832b32d8de90feab118
SHA1

217fe7b336f31b3a4b61f6023467d79c4f506cae
SHA256

76693e5ac9285df089598ed41211d018cbd1b7c59fa2ed2350cca8c4b5ade8c8
SHA512

730b23f52296dd05ac7b0f5b6470e24554e687744f4330e7e7e1f4a5f21eb431c220806b1f07592bab30d956a7dc432e58079721f6d05064ea12d81d93ca9379
SSDEEP

12288:kjkArEN249AyE/rbaMct4bO2/VhsEiV0S5Z+:HFE//Tct4bOsXsEiV0wZ+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2552-0-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-12-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-13-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-14-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-15-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-16-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-17-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-18-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-19-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-20-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-21-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-22-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-23-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-24-0x0000000000400000-0x00000000004D7000-memory.dmp	upx
behavioral1/memory/2552-25-0x0000000000400000-0x00000000004D7000-memory.dmp	upx

AutoIT Executable 14 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2552-12-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-13-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-14-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-15-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-16-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-17-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-18-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-19-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-20-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-21-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-22-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-23-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-24-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe
behavioral1/memory/2552-25-0x0000000000400000-0x00000000004D7000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2552	3e89bc1f0ea90832b32d8de90feab118_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3e89bc1f0ea90832b32d8de90feab118_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3e89bc1f0ea90832b32d8de90feab118_JaffaCakes118.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Logging\CIntRep.log

Filesize
192B

MD5
a26be074ea18b45cbd90befa9ddf1720

SHA1
bda590a1d1d1dd3fcb2679b10c2facf05eed8db1

SHA256
ed9ed9189d89d56d93f91298e40ef6566ce8ca7388169100d43ff973a372a415

SHA512
5e40aad92108e49f8b35a7718da247284782c350bd2b381e0bedde820b7e48bfdcce7ecf5003d6c7261137e64942b5c36ec74bd6a38d3521cb9796a7829ade1e

Download Submit
memory/2552-18-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-19-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-13-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-14-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-15-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-16-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-12-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-0-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-17-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-20-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-21-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-22-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-23-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-24-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2552-25-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download

Analysis

Sharing