b18af07ce25512500e9f50f671ee3f6e90a14badebaf8ee68f47e1c8ff30d3de

General

Target

4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
Size

5.8MB
MD5

4db343478db4155cc0ed0b52b62276e6
SHA1

63cf5423ac90e7e1297f6e292ec16a8b8f44b7f9
SHA256

b18af07ce25512500e9f50f671ee3f6e90a14badebaf8ee68f47e1c8ff30d3de
SHA512

ed26d53ea02f91c62076b1eec54cb26b26c44a5eb08353c7efaf180bc556646b2eee871de9db44f1832819e818c2cfaef63bde8a6e676e2c946a0c5b066838f1
SSDEEP

98304:9lNNePctkzjMAYXgJ2cnBWS9dLRQUycYgGU256DI5afIUSth5N0GCJZ+kcmhNd:9lzeZjYwIcUkLdycBGD6k5afIJNjuhBp

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 15 IoCs

pid	Process
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
3068	4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3068-0-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-69-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-70-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-71-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-72-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-73-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-74-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-75-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-76-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-77-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-78-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-79-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-80-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-81-0x0000000000400000-0x00000000005E9000-memory.dmp	upx
behavioral2/memory/3068-82-0x0000000000400000-0x00000000005E9000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4db343478db4155cc0ed0b52b62276e6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCL91B1.tmp

Filesize
32KB

MD5
1d7d929ed108d1f8d934f11217dc54f5

SHA1
e7910d45b026e9fca4fb710aed15a49dafc67e8a

SHA256
497828fc16d577822e6ff5f3b44fd2e433a7cb35dc70621e1ca8dfbf654f6f7d

SHA512
d5536991536de45f233ff3494425409c8787b6c9358ab69b74ecaaf5f6eb844dbd2bb53e0875f2e56e1aa9058955b318f269bc73ec6c1b69005415657b5824cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCL91E2.tmp

Filesize
24KB

MD5
4cf27e0747e5719a5478aa2624f6b996

SHA1
13df901e34f77e5ea11f36c0afedda7f86a2c003

SHA256
e69a9d06f2c17cc021ebf9b62ca110548facdc147b67dea4846e09865043d2d9

SHA512
4b0ddcbd7321128f977e1dbbe18cc76c7e489d4ee84b7775989e99778b5a60daa683c6063c5b700794b7f2070ae381fef20b19b3cb35c1babef9be79ff264941

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCL91F2.tmp

Filesize
24KB

MD5
124e89d0fcc409ede3595a253b788708

SHA1
bc88e037c3edea02dd20aeff10818105be9f4033

SHA256
27ea1b57a3024aec4a03188e80fdb2aa301fa5179c19be9c8b0dfc2aac73a114

SHA512
7cd0ca268a5dbd2aa22dbce1f253a2d067ca30c5195e059c3f431d546a20d1811592f8bd8fe88b6ad9cb5c6fdd6a4666ff451b84a5e790a9d5058865d48790b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCL9203.tmp

Filesize
100KB

MD5
606f13d4d580b1f322b3f3d3df423bba

SHA1
02cb375e13b415edc8b5360dffdba531e47827ed

SHA256
c71a16b1056e522cd0365449448116d06f37a3273d77694d170340064511dd25

SHA512
867a45dc15e99148f24fc528fbc9255582e5534bb4696700292b70163fddb15f35ddf2acd0536a9cd78b4d8f9d827bf7530d2303bfd7e428f11573b381a0986c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCL9223.tmp

Filesize
56KB

MD5
145d5c49fe34a44662beaffe641d58c7

SHA1
95d5e92523990b614125d66fa3fa395170a73bfe

SHA256
59182f092b59a3005ada6b2f2855c7e860e53e8adf6e41cd8cd515578ae7815a

SHA512
48cb0048f4fcf460e791a5b0beca40dbf2399b70f1784236b6d1f17835201d70dfa64c498814b872f57e527793c58a5959230fe40ddf5ebdcb0b1de57e9c53ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCL92D0.tmp

Filesize
400KB

MD5
027491b39a7b16b116e780f55abc288e

SHA1
62c0ab7c3e374d5fc9920983ee62baa4421076b4

SHA256
eef69d005bf1c0b715c8d6205400d4755c261dd38ddfbbfe918e6ee91f21f1f0

SHA512
fe0ba835d9af2a2c297a545bb7e30d315b580273bb1f558f16d9cba59755200a4735f75b1672e5e5fbed449eb7a5abb6d905696674c181b742bf637028953194

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCL930F.tmp

Filesize
176KB

MD5
1fda4c585845d719724a906a98e270e5

SHA1
d1eff6bff723c2ae0aca2835c812d0ce60c32747

SHA256
1f166d907f824772d370b3f2e9151d87d9d1be71bcbe7945f68ae3ca96572a23

SHA512
e6894ff91d2332492e90384a8ae57e62b2e84a727c428c05317b299e6febbf3916a07fee08800db60d7e44ad21e1eec29bbf4d1bf0907f4aada410a611b546a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCL934F.tmp

Filesize
48KB

MD5
80da807e7d51376aae729f228de10ac6

SHA1
3b246eaffdd1c2a14bd0c427ae4b9daeaf677a6c

SHA256
42089e2a8c0d996572a9dc26474494fb03197996bdf6967976b6b6f318288de3

SHA512
ca768e751239ba19517779f7b936d086ac1564c12652ea53e7d01a860d031fde7e5c3019cba301757c984c1119fcfa5bf6bb9f75aa76c667c95f38389e1a3f7e

Download Submit
memory/3068-69-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-72-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-28-0x0000000003380000-0x0000000003399000-memory.dmp

Filesize
100KB

Download
memory/3068-56-0x0000000005A20000-0x0000000005A4F000-memory.dmp

Filesize
188KB

Download
memory/3068-65-0x0000000005A50000-0x0000000005A5D000-memory.dmp

Filesize
52KB

Download
memory/3068-37-0x0000000000C30000-0x0000000000C3E000-memory.dmp

Filesize
56KB

Download
memory/3068-0-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-70-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-71-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-46-0x00000000059B0000-0x0000000005A15000-memory.dmp

Filesize
404KB

Download
memory/3068-73-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-74-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-75-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-76-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-77-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-78-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-79-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-80-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-81-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download
memory/3068-82-0x0000000000400000-0x00000000005E9000-memory.dmp

Filesize
1.9MB

Download

Analysis

Sharing