402281a76dafdb0f85190fb50ae0460d6fa0e8f39abdd0e03ad5c1555741de7c

General

Target

4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
Size

433KB
MD5

4b2e88d4f710da8d87c553bbd62513ff
SHA1

ad548ff42c0a71bca9d93789aa7f36797a83ce82
SHA256

402281a76dafdb0f85190fb50ae0460d6fa0e8f39abdd0e03ad5c1555741de7c
SHA512

5f2d4e370b1cf26c9f0d4123693e2621a0189d5835ab1ca53910f2ab8b1887887992759ba76533170f5eb3ff172969e51b27390ac8bdb673d332455ba79fa542
SSDEEP

6144:p3LAW1YW8nnuLDWKZzOe0cezs6a9f61IODkmnXU3xZGjJ1L3yTidRzQ3vclCeafR:p7Z8nuWWj8zadvODLnXsM/iTcn/ri9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2840-2-0x0000000000400000-0x000000000047C000-memory.dmp	upx

Modifies Control Panel 1 IoCs

evasion

Processes:

4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\5761b2dc-ce77-4bfa-b965-6f33b1867cf2	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe

pid	process
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
2840	4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4b2e88d4f710da8d87c553bbd62513ff_JaffaCakes118.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2840-0-0x00000000007D0000-0x0000000000836000-memory.dmp

Filesize
408KB

Download
memory/2840-1-0x000000000046D000-0x0000000000479000-memory.dmp

Filesize
48KB

Download
memory/2840-2-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/2840-5-0x00000000007D0000-0x0000000000836000-memory.dmp

Filesize
408KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads