4b0d363ddceeaa55a4fd574915f4cbf4978d38f1cc99de6aa50d10e5c525148f

Resubmissions

19-04-2024 21:46

240419-1m4b1ahb8s 7

19-04-2024 21:16

240419-z4vwhsge6t 7

Analysis

max time kernel
140s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
Size

10.8MB
MD5

fb2e9f7cf73d9b2dd763e66392203d33
SHA1

5937a54b98ea9ade7e72d0cad3ce76fefb4f75b9
SHA256

4b0d363ddceeaa55a4fd574915f4cbf4978d38f1cc99de6aa50d10e5c525148f
SHA512

4d19d43b9e88d8b3971bf51fc0a0a3432af7640825389899beaec13f849cb928a44ef1f86363cb2081cd0203365dcdd6b9338ea82b333a49de6fc9b485ba1350
SSDEEP

196608:iH2LiuIoP1HSsimvlG2etbYPvbJQlHJCO8ZD8CPFbYDSjAOxNcKu:LzP1pimtokJQlp8Z9kO5xuK

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

Processes:

fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b0x3r.exe	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe

Loads dropped DLL 17 IoCs

Processes:

fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe

pid	process
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
2804	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

15 ip-api.com
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe

pid process

2804 fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe

flow	ioc
15	ip-api.com

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe

description	pid	process	target process
PID 784 wrote to memory of 2804	784	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
PID 784 wrote to memory of 2804	784	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
PID 784 wrote to memory of 2804	784	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe	fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:784

C:\Users\Admin\AppData\Local\Temp\fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb2e9f7cf73d9b2dd763e66392203d33_JaffaCakes118.exe"
2⤵
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3808 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI7842\VCRUNTIME140.dll
Filesize
81KB

MD5
2ebf45da71bd8ef910a7ece7e4647173

SHA1
4ecc9c2d4abe2180d345f72c65758ef4791d6f06

SHA256
cf39e1e81f57f42f4d60abc1d30ecf7d773e576157aa88bbc1d672bf5ad9bb8b

SHA512
a5d3626553731f7dc70f63d086bd9367ea2c06ad8671e2578e1340af4c44189ecb46a51c88d64a4b082ce68160390c3f8d580dde3984cd254a408f1ef5b28457

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\_brotli.cp38-win32.pyd
Filesize
780KB

MD5
458267b5b318d7baf74d286ade22718b

SHA1
52ecce4f0e84ad5b85f53c570fb095adb9093747

SHA256
f1feb3e509c3927788cb0bf16a217c8c0b7ade68f0e6170c4aa1bc0d614041a6

SHA512
1aa7379c950a4218332221d7d46a89053dab3434511bf0c6f72e6b1eeaa8b667a0c356ea3b27725651777c43dc8c44003e6caaaef3121e4ab47b9870814bdee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\_bz2.pyd
Filesize
76KB

MD5
2002b2cc8f20ac05de6de7772e18f6a7

SHA1
b24339e18e8fa41f9f33005a328711f0a1f0f42d

SHA256
645665cf3338e7665e314f53fbbcb3c5d9174e90f3bf65ddbdc9c0cb24a5d40d

SHA512
253d0c005758fcb9e0980a01016a34073e7cdffb6253a2ba3d65a2bb82764638f4bd63d3f91a24effd5db60db59a8d28155e7d6892d5cc77c686f74bf0b05d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\_ctypes.pyd
Filesize
113KB

MD5
c827a20fc5f1f4e0ef9431f29ebf03b4

SHA1
ee36cb853d79b0ba6b4e99b1ef2fbae840c5489d

SHA256
d500cff28678eced1fc4b3aeabecc0f3b30de735fdefe90855536bc29fc2cb4d

SHA512
d40b816cde6bdf6e46c379674c76f0991268bd1617b96a4e4f944b80e12692ce410e67e006b50b6a8cfaef96aacc6cb806280bac3aa18ee8690669702d01065c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\_hashlib.pyd
Filesize
37KB

MD5
f9799b167c3e4ffee4629b4a4e2606f2

SHA1
37619858375b684e63bffb1b82cd8218a7b8d93d

SHA256
02dd924d4ebfbb8b5b0b66b6e6bb2388fccdad64d0493854a5443018ad5d1543

SHA512
1f273bb5d5d61970143b94696b14887faa5ed1d50742eccec32dbd87446d696ff683053542c3be13d6c00597e3631eb1366abb6f145d8cc14d653d542893001b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\_lzma.pyd
Filesize
154KB

MD5
38c434afb2a885a95999903977dc3624

SHA1
57557e7d8de16d5a83598b00a854c1dde952ca19

SHA256
bfe6e288b2d93905f5cbb6d74e9c0fc37145b9225db6d1f00c0f69eb45afd051

SHA512
3e59b79c47cb022d7acec0af164c0225cd83588d5e7f8ca3e8a5dfae27510646391a1b08d86d5ee0b39d1b6bf08409d3758488df3c8cc4d458bed9faab7686e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\_queue.pyd
Filesize
24KB

MD5
33a3af108a41c487d6eb6fbc0bbf54dc

SHA1
6b6dd40f7fb163fd2f6ea113dbec0316026b945d

SHA256
e7859d57a449ba5d5e78bef573d9ff4c68d3c9df692a04737f0737b340d2b618

SHA512
65a88ede3c9cd370dd0ba9c1b8676f252cdc14238a4d7b06c63634f255eec846856fd7248e6e00c04f335664687b91f96208278d1477653591841879f624dcbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\_socket.pyd
Filesize
67KB

MD5
6b59705d8ac80437dd81260443912532

SHA1
d206d9974167eb60fb201f2b5bf9534167f9fb08

SHA256
62ed631a6ad09e96b4b6f4566c2afc710b3493795edee4cc14a9c9de88230648

SHA512
fa44386b9a305a1221ed79e1ca6d7edf7a8e288836b77cdca8793c82ebf74a0f28a3fc7ae49e14e87029642d81773d960c160c8b3bcb73e8a4ec9a2fd1cdc7fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\_ssl.pyd
Filesize
139KB

MD5
e28ee2be9b3a27371685fbe8998e78f1

SHA1
fa01c1c07a206082ef7bf637be4ce163ff99e4ac

SHA256
80041ce67e372f1b44b501334590c659154870286d423c19f005382039b79476

SHA512
708e4069bafa9c5fb0d324e60cc81b1a3a442113f84a4e832a97b4196bee0a4a91f2e13239c91757512e1b42bb23166360ad44a5dce68316799aafc91e5bba04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\b0x3r.exe.manifest
Filesize
1KB

MD5
1abeb7ed8a8ef1467ecafb3cc8b92bab

SHA1
eb2f11a10cb8c90db11be57b627672fd8c7cbfbb

SHA256
66bf4b7ab4bc950bc02d113d2c59c943f28be5561ef492452181a98497b52b7a

SHA512
46c52c413e6144bbb1254d5bc9e7220414afe722cd76fec8c05c4732dee366fd04570c5d3511d4d972d4e6af0a642a25bb0fb510f9ff9e23cdc39210aa1a9705

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\base_library.zip
Filesize
768KB

MD5
7546d9e70908018ad9ec9efae808b7d1

SHA1
f4db724887b9aaa9bf14da5e20366a9982884bc5

SHA256
9c9f2fe42346fdf3b1d347d9a280c007a14a6eeee3e48f9945f857d5e3c899a0

SHA512
a1f7b2a944ba2dfa97cef5423e9e746c3a2b42124b87928db645462034a943d4b05710a2562e6eb8ecad3228d49922f8c2e4d2df5585065674f8d8a4860483aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\certifi\cacert.pem
Filesize
275KB

MD5
c760591283d5a4a987ad646b35de3717

SHA1
5d10cbd25ac1c7ced5bfb3d6f185fa150f6ea134

SHA256
1a14f6e1fd11efff72e1863f8645f090eec1b616614460c210c3b7e3c13d4b5e

SHA512
c192ae381008eaf180782e6e40cd51834e0233e98942bd071768308e179f58f3530e6e883f245a2630c86923dbeb68b624c5ec2167040d749813fedc37a6d1e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\libcrypto-1_1.dll
Filesize
2.1MB

MD5
aad424a6a0ae6d6e7d4c50a1d96a17fc

SHA1
4336017ae32a48315afe1b10ff14d6159c7923bc

SHA256
3a2dba6098e77e36a9d20c647349a478cb0149020f909665d209f548dfa71377

SHA512
aa4b74b7971cb774e4ae847a226cae9d125fadc7cde4f997b7564dff4d71b590dcbc06a7103451b72b2afe3517ab46d3be099c3620c3d591ccbd1839f0e8f94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\libffi-7.dll
Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\libssl-1_1.dll
Filesize
525KB

MD5
697766aba55f44bbd896cbd091a72b55

SHA1
d36492be46ea63ce784e4c1b0103ba21214a76fb

SHA256
44a228b3646eb3575abd5cbcb079e018de11ca6b838a29e4391893de69e0cf4b

SHA512
206957347540f1356d805bf4a2d062927e190481aadc105c3012e69623149850a846503fca30fc38298f74d7f8f69761fddd0aa7f5e31fedb1fa5e5c9de56e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\python3.DLL
Filesize
57KB

MD5
47dd8b3e1a9ad80cfd9e50153a2ef577

SHA1
1b69768c1743571c552b1eaa09579af59198c14d

SHA256
6220d665d93cd623f342deffa5d62d0ce35ac15927f4dad3a8fb608b8f7e8955

SHA512
6cb2601b62e22c9ed3234415fc25272facb8a5abcf5e3a122e481a426d90e155bad977df877156718c7cd1dd7f943fc38fb4bd39d8d78791d0035fe665395baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\python38.dll
Filesize
3.9MB

MD5
c512c6ea9f12847d991ceed6d94bc871

SHA1
52e1ef51674f382263b4d822b8ffa5737755f7e7

SHA256
79545f4f3a658865f510ab7df96516f660e6e18fe12cadaaec3002b51fc29ef6

SHA512
e023a353d6f0267f367276344df5f2fdbc208f916ca87fa5b4310ea7edcac0a24837c23ab671fb4b15b109915dfd0e57fbe07593a764b3219312ed5737052822

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\select.pyd
Filesize
23KB

MD5
441299529d0542d828bafe9ac69c4197

SHA1
da31b9afb68ba6e2d40bbc8e1e25980c2afeb1b3

SHA256
973f851dfaf98617b3eb6fa38befeb7ede49bd993408917e207dc7ea399de326

SHA512
9f0fb359a4291d47b8dc0ec789c319637dde0f09e59408c4d7fd9265e51c978aa3ba7ea51ca9524833814bca9e7978d9817658655ee339191634d4ae5f426ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7842\unicodedata.pyd
Filesize
1.0MB

MD5
a6d810b309ab234056f2ec5617afd5ca

SHA1
e11da3968d94b3358fbaf2c39d2a300ffc287dc6

SHA256
9b0b201f338c8c2844be144ac7622d38e3b85ec9c24c0ac128863820da8c41f6

SHA512
94b5bb2e3c430fcb5f9e1d83a3c56dee898afb7e872db5763a3bd05bd7a9b38bf017d71f71b692bc29801b5b2566cc19f91f8b100f48c81c0267d827620e1ab9

Download Submit
memory/2804-1000-0x00000000039E0000-0x00000000039E1000-memory.dmp

Filesize
4KB

Download