Overview

overview

10

Static

static

3

e70b8f3437...18.exe

windows7-x64

7

e70b8f3437...18.exe

windows10-2004-x64

10

Resubmissions

23-04-2024 19:00

240423-xnn2xsba49 7

08-04-2024 08:28

240408-kdf74sch96 10

Analysis

  • max time kernel
    96s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-04-2024 08:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e70b8f3437e37174905878062364cb39_JaffaCakes118.exe

  • Size

    23.5MB

  • MD5

    e70b8f3437e37174905878062364cb39

  • SHA1

    6e7ed1ef75ae2c03a5de02a1365f07d9b044b2ce

  • SHA256

    a79ded026bf1c2a2336e48ed2921dc0063b6921719b5748c8cceae2fdd577964

  • SHA512

    6c64d7853b5ee25efedc019e3cd15e327674e355ef8c6330dc8874bd9fb61ec6bd3068a52b28ef5ca1c666da83ecd5f540729b11a0972fd794b7a7dcdb72b7bf

  • SSDEEP

    393216:hlCFPLCEDo2WtYjUaNRDHvcrwhvr+bUn2KekLTP/WViHjL2ciIrHWTtN3ZWyOTL6:heCEDVfjrRj0r6+bUno0j4ILgtN35YDV

Score
10/10
demonwareransomware

Malware Config

Signatures

  • DemonWare

    Ransomware first seen in mid-2020.

    ransomwaredemonware
  • Loads dropped DLL 35 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e70b8f3437e37174905878062364cb39_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e70b8f3437e37174905878062364cb39_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:60
    • C:\Users\Admin\AppData\Local\Temp\e70b8f3437e37174905878062364cb39_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\e70b8f3437e37174905878062364cb39_JaffaCakes118.exe"
      2⤵
      • Loads dropped DLL
      PID:3968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Cipher\_Salsa20.pyd
    Filesize

    13KB

    MD5

    86109d2d1fccdb91968b7c1a63823731

    SHA1

    89dec67fbb4e467604f20c53c3ae3949471aef58

    SHA256

    28efd36be6bbbc56a7219bed7cc132ce67baf629100cc03a08a804360f483db9

    SHA512

    5d331f7f3ca413e77c33fa57e1f07ef43d064545ff1d143b9086211b42bbe165564c62b07d7a44615e75221613f3d3127ef5d7c7ec06315f0c397c0b059d2a37

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Cipher\_raw_cbc.pyd
    Filesize

    12KB

    MD5

    ff9b1e03922361e0a8be65e5e1421aac

    SHA1

    d4d674fb4e0214903e341e98613328d51aff9054

    SHA256

    2a5ab7f23554f497693ca81a5e5f21647b10fd8b9e00b8377d8385dc15a9c4df

    SHA512

    8cbbbbdc9a3d9e866dc88a655a75317f58cb4a49cb262975ff8c4ae5d47c344b86f69f6d2fc369dd7aa8ad7fcaa40d1937320e7e4f5923a03a39459b7bb247c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Cipher\_raw_cfb.pyd
    Filesize

    13KB

    MD5

    06358818f111a1c8e1b76d60a650c997

    SHA1

    5bbaf40aeb932766346631df25d887264aad7ac2

    SHA256

    b5438682a4c6bf57dcaad2835a9a293f712284fbe1af4ba6059011396cdbd180

    SHA512

    f954b4e56e3ace2c8e0961149cb5bd433f35530bc1c5e38ec5d2223ec3591df0998903b3928668c5d8c05f16eaa1c2adf41fc999690c42dafa794800fc4b193e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Cipher\_raw_ctr.pyd
    Filesize

    14KB

    MD5

    6adf70fd22d5ca90269466e5fc2aca2b

    SHA1

    1d4cdf2b08154b33738c5244a8886284c71693b9

    SHA256

    2f9dfa9de351bfe553dde60ae891e9b54a2e08546d723c7165234fd41c3ceed4

    SHA512

    efbd7133e5b5ef035f5a09d92b3b12d3ad367d6c35856a842536102d36a1ef53afe62ea3c3a5a4ae641bb28b6caaed18afa3519a637aa36f71f71979d4f61239

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Cipher\_raw_ecb.pyd
    Filesize

    10KB

    MD5

    64f6350fc1145db6337a9e3dfb83222f

    SHA1

    fea799c3f2a655d5104a46b788d98ea272557ae5

    SHA256

    821a86630238beaf4e303196ce26a250ef873f7a98b92644566b3c7d683d400e

    SHA512

    58f90099630b98a632db38d7cc4a2f44c70bb012f55b3b5a69dffc3a76f6a2b30ab81d678b95e807c135b96633a0d8ed83428924a1c9d1dfdb7f2a3962a44d31

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Cipher\_raw_ocb.pyd
    Filesize

    17KB

    MD5

    9cf1780e69e1bf2df2487b4de72806e5

    SHA1

    0955d77afb6a8e786dcbbf4f0b5b221bc302c6c8

    SHA256

    59cf35c376f312b1c6a5844f0740fcae4caaa5a3d3cd0e953959b5f4190a475d

    SHA512

    b1c4e6841c739fccc86e95da53ae10c3efa18f3a747b8e92883e7224cbe4f44016102fb6f713aa4345ba37dbf7c07d5517dfe9d564e2d4d120d154fd7de717f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Cipher\_raw_ofb.pyd
    Filesize

    12KB

    MD5

    670c2baf75e559b89435283298f75bef

    SHA1

    be1e5a0711c6c0bb1e2aef4ed18a15ed5759b027

    SHA256

    236650fc42b347b9caa5e3a84a13da9e40586d97762f87730c9016dcb81abf06

    SHA512

    52554fe5308f7b758b66b48262aae1c180191358e15fdd85b7d5ef47a35677e079c3ef6a54e63d1520038bbfc79bad5b2534b1c2808217ffb53c55b7e8862fdb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Hash\_BLAKE2s.pyd
    Filesize

    13KB

    MD5

    9098b9c8340047c6434825e18826cc18

    SHA1

    85dde191f6549aca0813d8a723d39b83c61002db

    SHA256

    825039711c334e169432a482f8b71ae735d7a1bd56552e501f6f3eca87cf272e

    SHA512

    defc6852291b568793a48124184342272f4bc424f88de82a35335d5596dfacc93a52afc33c43337e4ceb800c5bd998493a7ba7f52c02a6027a4434d7e608fcae

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Hash\_MD5.pyd
    Filesize

    15KB

    MD5

    2f4c07b5fc3c6245b0e1269c0d1a5a97

    SHA1

    26ea9baabadf63e5a44f3b606139f249bd120b99

    SHA256

    efb961372f6ce102a9836b63038ae1385b408ef8dcf2de7238b2403a6e987b27

    SHA512

    21e1ccbf238fd59c1ce80543a8f21858ae6e15ad1e8536a0144ec06791cd2488822ae87d84e331e9135142c76506e68fad7dbb4b26428ff3ac0d43f49e8fcc92

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Hash\_SHA1.pyd
    Filesize

    17KB

    MD5

    d2ef20fe88c483dc2588c03876058afd

    SHA1

    86a7a9e71df94fec73dd90a9a4cf5b7901ce622d

    SHA256

    6cc9cfa3c9739b545808e814a661b5b54e9127b057ce503024e515648b7a4a33

    SHA512

    d1ea9f01ea1a16b23b6219492b3d2a27b017ea8d5511549c82fe3a58da988b890e52d144630c55fd845b8d079c4b6d3fd2172020cecc5f6dd6a05b1495d18c71

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Hash\_SHA256.pyd
    Filesize

    21KB

    MD5

    363b8e9f9a119ee0a52d8e75083f3f5d

    SHA1

    e0f4316f5afd2abc31047b50fdd7910d148a7611

    SHA256

    1b36afc5b2f6f46d1a2457d56f276f5b5ffed066955acec911b9b7973d1e92b3

    SHA512

    3862436b88dae084993772d6ebdd3c7a892a562045ce448bc6419c7c21c797c806ef6030157c8daf2e85a36b13ed0ce4475eb00e61ee0cbec4db2677e780f177

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Hash\_ghash_clmul.pyd
    Filesize

    12KB

    MD5

    6ffdcbb8b3860fab46a4666c97f17eaf

    SHA1

    87defb8a639e0af86b6943490eb5456d6d63183e

    SHA256

    2ea2b17aaac9e572eef1239b01e8ad378829b765958fd1bf306f39983a76f944

    SHA512

    769941e8aac1075415f27c272510eda7c6156a0f29f0a19523251367946340ef53315771e6985c91ff4314ba1fcb939b1d5cd197dcbdaaed272733c9875e9b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Hash\_ghash_portable.pyd
    Filesize

    13KB

    MD5

    35025bbdbea7932bbe4e79627250dc46

    SHA1

    4082c2aba70d98fcf6ec2b82ff4cc6692d7b56ac

    SHA256

    800cc846930302519335afdd276f9cbbe5f940fe1e5035cb6baf4fb736d37434

    SHA512

    a65e3c17e2ef456258eec06e81fcfa9af97a0d13b05eaca96935e371aa5e768eba9fa2e00f6cb5930d25d57380654cd2b8c8cb680a686c912e5f36a3046e0db9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Protocol\_scrypt.pyd
    Filesize

    12KB

    MD5

    dcd7e1c1f1e68405d66cef954cbaee38

    SHA1

    bbe8c8bde0e1956f4d88d737d50b2215073cdcb1

    SHA256

    0ec713f4f3e963f618873ff538c7dcc532e0faba5025c5a8e20ac089fdfcf1d4

    SHA512

    10d2048ff68515862b95e658bb33e42ed0fd2ab70db66f2738487d21739172d4f24ffb8f239fdfc6f479ce582a85c3b8f8adfb5024dad5769713a4b3d22d3115

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Util\_cpuid_c.pyd
    Filesize

    10KB

    MD5

    f35a4c3bb2fb8782c1c3f0d6b493ce77

    SHA1

    688c8baa950cfd77fdded246976829cc7510fce9

    SHA256

    a6feba74067fb03ee4ba53d1608ab8012eb6bd1f995ebc42c21d653d57b8320b

    SHA512

    5cb5219dd33ac40bd901298f17945fad21b25b0358056d10c84440048cf845bbb7acd0f6501d4284508b7559eae04074b03d13f6a1e4069df011895dfd3ceac9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\Crypto\Util\_strxor.pyd
    Filesize

    10KB

    MD5

    db1f79a96a1390028df325dd183ff9f1

    SHA1

    8373b6c44fdbece2c1ee5327a2bb5e5b0a719ed4

    SHA256

    6429928799a5eea9e090224a2d7083b469892d725a28ea9dcc2a95f94286b0da

    SHA512

    dad71f250340e529883e3347e90e66a445641f019351e745940c6700145c6c923a9d5575efaf42436823bd8f1db44e9b00c99eb1cc41dc49425ea9db9847590e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\MSVCP140.dll
    Filesize

    613KB

    MD5

    c1b066f9e3e2f3a6785161a8c7e0346a

    SHA1

    8b3b943e79c40bc81fdac1e038a276d034bbe812

    SHA256

    99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

    SHA512

    36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\PIL\_imaging.cp39-win_amd64.pyd
    Filesize

    3.0MB

    MD5

    7bdda60c9136dfcef785132a0c77b193

    SHA1

    f6bcd152d638cf54767203edb238eef2993b98bd

    SHA256

    bec23da5408f0fff9fe31c0ba49f6cd305ab6e242c270305c904295e54e88266

    SHA512

    b2e3df1aefdf271e494c91a9fa19bf0dbf8696fe30e524827659198080467dc5dc5d4a2394f27cefd8bb9923ece8757ccedaae3b5f836d4175690f128032098d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\VCRUNTIME140.dll
    Filesize

    94KB

    MD5

    18049f6811fc0f94547189a9e104f5d2

    SHA1

    dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

    SHA256

    c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

    SHA512

    38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\_bz2.pyd
    Filesize

    84KB

    MD5

    a991152fd5b8f2a0eb6c34582adf7111

    SHA1

    3589342abea22438e28aa0a0a86e2e96e08421a1

    SHA256

    7301fc2447e7e6d599472d2c52116fbe318a9ff9259b8a85981c419bfd20e3ef

    SHA512

    f039ac9473201d27882c0c11e5628a10bdbe5b4c9b78ead246fd53f09d25e74c984e9891fccbc27c63edc8846d5e70f765ca7b77847a45416675d2e7c04964fc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\_ctypes.pyd
    Filesize

    124KB

    MD5

    7322f8245b5c8551d67c337c0dc247c9

    SHA1

    5f4cb918133daa86631211ae7fa65f26c23fcc98

    SHA256

    4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

    SHA512

    52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\_hashlib.pyd
    Filesize

    64KB

    MD5

    88e2bf0a590791891fb5125ffcf5a318

    SHA1

    39f96abbabf3fdd46844ba5190d2043fb8388696

    SHA256

    e7aecb61a54dcc77b6d9cafe9a51fd1f8d78b2194cc3baf6304bbd1edfd0aee6

    SHA512

    7d91d2fa95bb0ffe92730679b9a82e13a3a6b9906b2c7f69bc9065f636a20be65e1d6e7a557bfd6e4b80edd0f00db92eb7fea06345c2c9b98176c65d18c4bdbf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\_lzma.pyd
    Filesize

    159KB

    MD5

    cdd13b537dad6a910cb9cbb932770dc9

    SHA1

    b37706590d5b6f18c042119d616df6ff8ce3ad46

    SHA256

    638cd8c336f90629a6260e67827833143939497d542838846f4fc94b2475bb3e

    SHA512

    c375fb6914cda3ae7829d016d3084f3b5b9f78f200a62f076ec1646576f87694eec7fa6f1c99cbe30824f2fe6e2d61ecdeb50061383b12143cd2678004703199

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\_socket.pyd
    Filesize

    78KB

    MD5

    478abd499eefeba3e50cfc4ff50ec49d

    SHA1

    fe1aae16b411a9c349b0ac1e490236d4d55b95b2

    SHA256

    fdb14859efee35e105f21a64f7afdf50c399ffa0fa8b7fcc76dae4b345d946cb

    SHA512

    475b8d533599991b4b8bfd27464b379d78e51c41f497e81698b4e7e871f82b5f6b2bfec70ec2c0a1a8842611c8c2591133eaef3f7fc4bc7625e18fc4189c914e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\_tkinter.pyd
    Filesize

    64KB

    MD5

    df830d3061aa2524eeec14ed02f7ad65

    SHA1

    daa6eef81006dae88d3ad776764401a566261028

    SHA256

    1b4d93153d06bcdbff02ce3a68f6a620ccbe4ba163baf78698d5fba3f54d4357

    SHA512

    0fa007990184e731e8a431572676033de99f25d5bffa627e9aa35e4ab96d5ccb1ecebf383bb29ce28fb46ae24505ead2be21a93ed53750a37be6e9ec7dd22d22

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\base_library.zip
    Filesize

    763KB

    MD5

    636be3ddb8732c9c52de9c7c86f5b9ee

    SHA1

    ccb3a2da7846cc8af9da8ec78c679cbf168ca2f8

    SHA256

    cba1949b47775b76b488bdaf60267248a847773a35df8530d16d6ed25738eda9

    SHA512

    a2059e915806116d754363554e9489508bbb7ffd765ab0203e94b05ba0874b5d1a1534deb8b4ca2f18699983ecac39139a77fcf01adecd0f91276ecff641e1d3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\libcrypto-1_1.dll
    Filesize

    3.2MB

    MD5

    89511df61678befa2f62f5025c8c8448

    SHA1

    df3961f833b4964f70fcf1c002d9fd7309f53ef8

    SHA256

    296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

    SHA512

    9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\libffi-7.dll
    Filesize

    32KB

    MD5

    eef7981412be8ea459064d3090f4b3aa

    SHA1

    c60da4830ce27afc234b3c3014c583f7f0a5a925

    SHA256

    f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

    SHA512

    dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\python39.dll
    Filesize

    4.3MB

    MD5

    1d5e4c20a20740f38f061bdf48aaca4f

    SHA1

    de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0

    SHA256

    f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366

    SHA512

    9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\select.pyd
    Filesize

    28KB

    MD5

    fed3dae56f7c9ea35d2e896fede29581

    SHA1

    ae5b2ef114138c4d8a6479d6441967c170c5aa23

    SHA256

    d56542143775d02c70ad713ac36f295d473329ef3ad7a2999811d12151512931

    SHA512

    3128c57724b0609cfcaca430568d79b0e6abd13e5bba25295493191532dba24af062d4e0340d0ed68a885c24fbbf36b7a3d650add2f47f7c2364eab6a0b5faff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\tcl86t.dll
    Filesize

    1.6MB

    MD5

    c0b23815701dbae2a359cb8adb9ae730

    SHA1

    5be6736b645ed12e97b9462b77e5a43482673d90

    SHA256

    f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768

    SHA512

    ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\tcl\encoding\cp1252.enc
    Filesize

    1KB

    MD5

    5900f51fd8b5ff75e65594eb7dd50533

    SHA1

    2e21300e0bc8a847d0423671b08d3c65761ee172

    SHA256

    14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

    SHA512

    ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI602\tk86t.dll
    Filesize

    1.4MB

    MD5

    fdc8a5d96f9576bd70aa1cadc2f21748

    SHA1

    bae145525a18ce7e5bc69c5f43c6044de7b6e004

    SHA256

    1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5

    SHA512

    816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

    Download Submit