b0549de9952415cba5674e4001c214c2aa03b6ff67884007b743833b6c4c9c67

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 04:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe
Size

4.0MB
MD5

f736f8836a63b8065938d7442d0d5b51
SHA1

8d151d65a89038bef671cf1d483feece6ca551d1
SHA256

b0549de9952415cba5674e4001c214c2aa03b6ff67884007b743833b6c4c9c67
SHA512

0beceb449e50975ab85da656980a11e23f3be68cc45443c92c3353cf49cb809de83831409af7d88e1567e918b413078768e97f3a1659be7612da67604446ce4d
SSDEEP

98304:v1NMX/y5oV5Ln/oApUeSIns6EckBQt8tBkrzVglqWesECcnclzJK:W/ySzx6Is6pIQn+kWes2clzk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
3016	f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe
3016	f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe
3016	f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe
3016	f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3016	f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe
3016	f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 3016	2192	f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe	86
PID 2192 wrote to memory of 3016	2192	f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe	86
PID 2192 wrote to memory of 3016	2192	f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\f736f8836a63b8065938d7442d0d5b51_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21922\_socket.pyd

Filesize
45KB

MD5
7b2aaef4135df0fd137df1f152de1708

SHA1
b370b87dc4c39a4d8968ee998ce35daafc5359c2

SHA256
00b31446ad5f7038f253b64a60753d07ff082923c108752d565717947f1a38ba

SHA512
b2c4944e5f5d9a8b7ca9b86aca049230737804f2f75e4b0eb83712d26b9fcba031ca25fffd10adcb688902996443669d393b0c5ddfb1b88ae27ced464cedc79c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\get-pip.exe.manifest

Filesize
1KB

MD5
f4d767d9aabd28dc25945dfce98e1237

SHA1
2d8c450768ba1d0cf7555ee9bfe37b4823d4f511

SHA256
fdb105ef378f45faac8d822a8e2b4db6baa68220d9326816ff7276e3cd93bbd4

SHA512
5b71b3874441511ff121bbd71c59f981b5ee31ed07b0878b99d5ca9e2d58a9cd32b070e075e2fba6dc15465d9dfefc4d54fb3aa9b32d852c3c52782d50f4b83b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\python27.dll

Filesize
2.5MB

MD5
080e99cbea2f521fdf4e1c1fdd2e0e33

SHA1
0ef9a9abf1aaba455242c389925adce391a4cdb0

SHA256
dec7d6cf595bf68c5b7cc1447e8970b6b74cd9dabb29bd27648dd42a9de85e4c

SHA512
1c9e8f7e88a72c6b9225f8caca896a452d9c376d3a076fe00d1b3c321d9d1c5d20b644a91fe48b5ddc3a2e8e02f320c8ad9f7c6631ec3713ee65bd77c009f897

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_ssl.pyd

Filesize
1.4MB

MD5
b64a8677ad7fda3ef730ffc4533fd1f8

SHA1
521fbddbf5317c9eee221f072fc5564ceef1f8c6

SHA256
4edd88905e478aac34adabc783a2f695644528f1d8e2426b1f4fa0bcfab03682

SHA512
2eb6561d626e04efd39155b861d4a5eb71161503b579634004ea163ddb2c81fe2ffa32452c8b9dacf28fc50aa2bccd421575b28d121b05b2668f0257f98f6129

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\select.pyd

Filesize
10KB

MD5
18ead4bf3a21899f4c94db60ba39da41

SHA1
ee856211f3cd00f29c1287c2dc129503ff78667b

SHA256
fb739f595b0c51f0bede73709feb997bbcd15e7c5bedf4a1b1d97856be602c40

SHA512
c8d49e1057351d499348ef8264228e0fd236ca2b7fef975700f309c0f7fdd00b57fc9f796d27a5d236d872236f59a7ce38a16e2140e2cf58712c81515de52d24

Download Submit