faf61d99446e79644473c544155234091bbd0abce054ac9118ba17b038f197be

Analysis

max time kernel
140s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 04:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
Size

8.6MB
MD5

026ae77ed4f828ded03cbaf3f6e386c7
SHA1

02555b5fd38a7c295578cd9077c73b3d14d8d8cc
SHA256

faf61d99446e79644473c544155234091bbd0abce054ac9118ba17b038f197be
SHA512

cc52476ef142ea9c7dc94327a7c9fd4815efc71f58ca3244b37a676e5a40301cef0b31049a9d9c9de002655fb13842a2db9dc728a9baa158951b9ab1bf3e6e28
SSDEEP

196608:AlX+aFFgukY8Iw+5j3tpXr7e6DicueojSsmzRIZFqGes/F:AlrFFg7awYTzvMjNoRiFAs/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 22 IoCs

pid	Process
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
3208	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 3208	4632	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe	81
PID 4632 wrote to memory of 3208	4632	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe	81
PID 4632 wrote to memory of 3208	4632	026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe	81

C:\Users\Admin\AppData\Local\Temp\026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Users\Admin\AppData\Local\Temp\026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\026ae77ed4f828ded03cbaf3f6e386c7_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI46322\GTA San Andreas Setup.exe.manifest

Filesize
1KB

MD5
3d1acf3a6c458634302eee447c1f83a6

SHA1
0ae6c1daf2f04e8d67d1b340664b496d00acca33

SHA256
d349604ead3de71849af500217a7f2d1cceda103cca924574f0579f711c0bec7

SHA512
06021a5015c3cd66bdfbe753458ca748cabd582c5ee89b34914e987f8cff081374d20e4fbf5ce70a96da9b90b90a8012f9e5ac73966f27cbdae5860e2b151cbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_hashlib.pyd

Filesize
993KB

MD5
b1dbd52e5da083e5b5613a2b4c17a4ef

SHA1
0ed87f9e0b572f88e102739daab54db03fade416

SHA256
fa57bf3173f2d636984305401c06f1618b8119fea2c311d1173566ea236fa0c6

SHA512
dbe14802ff53e8fb9f35baa1c1bd0dc55c1073e0f96b59b5cc3783760e23c645cd453a39b2b4d0ab79ee871ba1cb81154a4cf5c54b67dde7ea14008d72dd2cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46322\python27.dll

Filesize
2.5MB

MD5
bda3ccd47d86473965f00e5fcf9857fd

SHA1
c45985b9ed5083117ceee1dd0823496f9d7189e4

SHA256
ad9038fc6bb13e15fb7794f56f7a57c790026221a402b88b49bf7e9f430f9927

SHA512
eadc5c3c6dc93dac3975324476ff498ef8b70b586630a2736fee69610fde686ffe09e90f8320c5f62587fcfa226c77f65b595370c67b4ab661442ac8a3df9591

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46322\wx._controls_.pyd

Filesize
1.0MB

MD5
0db65f78cb8dcdc4ea61e771c72e952a

SHA1
8ab97a0ae7de5753df217975b277733ef7507569

SHA256
eb7263251f27e2cb998f5b22861198cd7456d00ba2ede5343fb24d2860e98ae7

SHA512
b091e697c0a4a458e38494303cf5df99bf1319c440a988e95ad5674ece44b64c7ca7c4e366d497dbfcd483ca16908e904467b5113ae60238cac7b8db6d465dde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46322\wx._gdi_.pyd

Filesize
788KB

MD5
d12df306c261ef2cbfeeb429c6e2527e

SHA1
cc9a95ca1be16470a9476f80f0061109faed8e19

SHA256
6c12d4cc6f05674e029530e080b8c308a0436933563dc1eea9e9422c396f899d

SHA512
6d04c1c0472445b605e0b4a4d97bd8eb3ff0faec2c1e939ce6af5d10373cd7d407944c3fa3f181d20b954e6536846691912044485daeca6ae23d943404be3980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46322\wx._misc_.pyd

Filesize
716KB

MD5
0eea7ca8f5e69c2c84020c7f8dd1f364

SHA1
852d457563fab158c97ced7d366f669eca73df96

SHA256
4fc4c253c6814983ff4694fba2b692c470d3b39b7ef47c536b57aefb6c52794a

SHA512
1f64d461a5ed5cfb0cc8cd51fd08488ba48a0167d9957438b5e7a95106e7f402832530c8161c94e43ff578baa95fc932520066ded6297e6f99b1e1b971dc72ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46322\wx._windows_.pyd

Filesize
797KB

MD5
6b7489e7b9ca93d08fb5831b6fbb94c5

SHA1
0b99cca6dc02953f003135a2c95054c23783abfd

SHA256
9f2202be7329583186dd1dada398d2941c6a32f9b9b7239dbaf1543c2d30779f

SHA512
bd38241ce4b2caa48f9cc03b5f966e6d609b3cb711e475a649c77e543ec25d2722cc51ce3d587666fa3c0d45769c5840b1746425919991b22e7440b696a568ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46322\wxbase30u_vc90.dll

Filesize
1.9MB

MD5
e21cb912288e0ab5c8ece3abc2788149

SHA1
45becba9675bf3a085eaff8de8e03c0cd4921cc0

SHA256
4805f09366f2d8dd0586bf2367462a2d82be65b99aca712d257259a664714f2b

SHA512
012f493a9970632990daeca315ceb2685bafe8718e697040bf40b296e2820162226cdffa742d9daf277338c926e2333266ba0884561a5cbd76a396ec8f2ac14a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46322\wxmsw30u_core_vc90.dll

Filesize
4.6MB

MD5
f67b8b3f8fda00f501573e7c267aed26

SHA1
5d8329b32a49361d6cbcafcc44de86b182d5acc8

SHA256
8a3f95f4a9e2b9465be14f027349912c00681e0744b68ab80db0a009951a9db7

SHA512
0418c8395a658174e0215062d3b61f4cde64d1333f733c791cf10ac87a8f8cd56cf2dc8d0ba12da1cfa6edcd7262963910aa537818762159d1f7f3fd4db7ec52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46322\wxmsw30u_html_vc90.dll

Filesize
587KB

MD5
54501be59fdb1a6b4f37eb2d9a7504d4

SHA1
2d3e97cb9806011258767f617d241620b2988db7

SHA256
df726bbefdc5efb78bea9cc79aa7b285584dfa74a6f97c17de08cfb642c5af46

SHA512
43d1937c3885d5344b4c67d7af9d7b0e379f757ef3ec64b1830e4a2dc90e28538a149ed402fbdd559cec7b024b484ec35926765d9b410d203b12b402f6047959

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46~1\GTA San Andreas.jpg

Filesize
309KB

MD5
d2431264ca2d350af1bd2f39d77bbfb6

SHA1
4074f10a9b8ab472bfc6b251e0ee5774f91e836b

SHA256
7ebe592ade836f3d784e4c9f9df0511afbeef2898da3f4c406faf00dc7d57018

SHA512
e207d2140f984f83be384fbbc50e67c0781774ce5122c0ba369f9e4e7e86f5c798047728213e2f658ab6f5251690864a0309f9c127d64d9417d26f4512c08e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46~1\bad.png

Filesize
940B

MD5
2ba096963e1c527a42a6e8d3597c05d6

SHA1
7248808fe866ad0db48e21f6b0a3a673738f7edd

SHA256
8e3434053274efe365df95bc33a3415e44076a95ab4065b994fbf08c8fd09544

SHA512
21bdd4858716416b85004c68f9c59a1c115155f35f72cbb5372b08847e9eb82c80e0ca1ac2f1d8210492df35e3758e7ee46fb10c8e214615d5897984cffc74d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46~1\eula.txt

Filesize
11KB

MD5
508d59b95631c297cfed06e2571a7dce

SHA1
db361302a99549757791bc9890512a8a117b5e0c

SHA256
51dfe967d8146ef9c9835d86ea11ff2a211f8d1b4523ca970b75d6a593a38543

SHA512
5285eb6dbf5e1b0c97d811556ea7792c39e7dd94cd366327e73c3ec4cb8cb613a36766a1d2eac786ce8535da99a8e692e5719fdb7a71256ad39170cd3e990a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46~1\folder.png

Filesize
2KB

MD5
14d0fc80cab977c9dbd106c71d3df562

SHA1
5f3a4aa9c65d20eeb635bab56dd65007a34df319

SHA256
672bf4a66aa4782f620d1039d785d19fd019cd5f3346d802c1e05f7a9e585ef1

SHA512
1b54680c462cca5275b9d8d2d691c31f8772a9cd89f88ab4cb93aa7f40a2f6e0ec397b49dd9a93ca92f0fbe2cffe1fec45a25de3b68ed3085e619fb6376e390b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46~1\installer.ico

Filesize
2KB

MD5
05b6d3e24446f730b3988afacee69d87

SHA1
9b4269b6350b6855f985c6042d98b8e8d9fd8d4f

SHA256
2a444d2cb01fdf213c55bb0dfbb089f4aa88168b493d85430bf0853a1cf60dfc

SHA512
7d912686d4749a01559d639babf6cef41480f46b6167f7769ebf043271b1c703155faf038ec47f88fddc34d5abaac20123db65d266f31aa1976efc8b00a753f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46~1\instd.jpeg

Filesize
15KB

MD5
e3b9de212012e2abc1fe8aa7320fca42

SHA1
65c58e1411a1909049c7f10a3b4895b04f9408d0

SHA256
59f88f7d2a2ebe37f70600631f72820d5d6a098113e03e9dc2c43c65d397c0e0

SHA512
77c2f4bb8572992d14125e6813e4fcd8576a5a3bcb7438889e07096163965331267dfc81f9b3a8d693ea1d9c60452e9923efa0f933a048611746187840181a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46~1\ok.png

Filesize
938B

MD5
0e4a4d7a5a359cf6bbfd832ba0cbb027

SHA1
94c7e65c60e5cf833c233f0cadbf2372443dd2b9

SHA256
041a2fed8af4bb47dd38b03de9ab8dbe6bfdd6f438d9cd2f401b54adef9a929a

SHA512
1a97d4f381e7512b0e69305ad9b77885f67b8e14126b825f347f664530434aeed9b22bef61ee195c2789b81c2894372d4289b63276e0cbb4f9f6cfefa8159263

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46~1\wx._core_.pyd

Filesize
1.1MB

MD5
4b9820d3bd2e61fb921c0dde667bf513

SHA1
2ff2ce8d072eaef95c9c43fcad82615ba0f87865

SHA256
92ad1dcc58b8a6d7453d7cd3db046133963c2c5aa6045aa4506d14fe9a7c4765

SHA512
cccae0200d84543b5deac528727479f786142cc51dff590d9142ac53c851d8cf3a70c83637b7bc7ff2a4cebdd694b8f4fcc65cecaaa6b1d52f4364eb3123fa1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46~1\wxbase30u_net_vc90.dll

Filesize
151KB

MD5
8abeb0f85934df4329c145116ea1c7ac

SHA1
46fe23eb68e96ddfcf300d5ee586dd78fbab1ea7

SHA256
9f4253e3aa6ab8a2dcfd5813aa2d2883de4fc192f5a12ca25ae3d4dc44fae703

SHA512
462bd20a8d9baa3ba1ea62eb0ff1c2ff473aeca61b3df7a1e7fde1754ee89c412c2ba664b7ea211249edc5156cb9832768f306c9b4e50dbc3139822619e0d077

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46~1\wxmsw30u_adv_vc90.dll

Filesize
1.2MB

MD5
4bcd21ce5ec80e1666002f588439cafc

SHA1
16f5b22c80043b83136927bd77bd113535ffcb82

SHA256
5c2755f9b6f089605dec462460f31513db291b4fece39d21b5223a0cbe281425

SHA512
4756c4362f3c5f62843e7cfeb7d845f5a0ad6402995f1aff6d41c8719a70670833c8073949a894225c7b96b348b939a887bcd4c43855a7568505c02f1d3d28cd

Download Submit
memory/3208-61-0x00000000038C0000-0x000000000398C000-memory.dmp

Filesize
816KB

Download
memory/3208-43-0x0000000002AA0000-0x0000000002BD7000-memory.dmp

Filesize
1.2MB

Download
memory/3208-45-0x00000000025F0000-0x0000000002619000-memory.dmp

Filesize
164KB

Download
memory/3208-49-0x00000000030B0000-0x00000000032A7000-memory.dmp

Filesize
2.0MB

Download
memory/3208-56-0x00000000036B0000-0x0000000003779000-memory.dmp

Filesize
804KB

Download
memory/3208-69-0x0000000004230000-0x0000000004339000-memory.dmp

Filesize
1.0MB

Download
memory/3208-73-0x0000000004340000-0x00000000043F7000-memory.dmp

Filesize
732KB

Download
memory/3208-65-0x0000000003990000-0x0000000003A26000-memory.dmp

Filesize
600KB

Download
memory/3208-51-0x0000000002BE0000-0x00000000030A5000-memory.dmp

Filesize
4.8MB

Download
memory/3208-84-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4632-83-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads