9485a1630d9283d7efee3828fca32d72cfcb3fb1e91015a9753df09a21f14da2

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
Size

5.5MB
MD5

05367b6e911d2a1d934bed7807a405e8
SHA1

8900ff0ee8d70485f31dfa7d572e969dea06346a
SHA256

9485a1630d9283d7efee3828fca32d72cfcb3fb1e91015a9753df09a21f14da2
SHA512

244e8c3de5a4df286e42fdec4eeca67aca921c1264229137907823c5a0f567dfc27f9bbb30162886539d83064d414fd7b964df00ea0354dc37fe6e98c8f06e0b
SSDEEP

98304:RMQRtouglcd5daFwiA4+Foa6uJwNHKqt3w42KtNQhI/ke2EKRadxToSuT5LJ:Rzo8YFu4+m4JwZn/IEAmxEvL

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 19 IoCs

Processes:

05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe

pid	process
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe

description pid process

Token: SeDebugPrivilege 2556 05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	2556	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe

description	pid	process	target process
PID 2156 wrote to memory of 2556	2156	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
PID 2156 wrote to memory of 2556	2156	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
PID 2156 wrote to memory of 2556	2156	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
PID 2156 wrote to memory of 2556	2156	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe	05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2156

C:\Users\Admin\AppData\Local\Temp\05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\05367b6e911d2a1d934bed7807a405e8_JaffaCakes118.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2556

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21562\laZagne.exe.manifest
Filesize
1011B

MD5
d4f67c89b0881bd3a9be8c310f73ecc9

SHA1
d094c7160ff8febbaacbefa4ce18bc7c8a4a4a37

SHA256
ac982a09fda610399d78d5fe3c3c30ee435a3d7923d244f284399b838b6a14b2

SHA512
c588eb597e463639a3c3064df3ebf587fb6d9a9c8d159f4cdc38f96013b2a8e203f219de034c98d1d986beff5145c89f9cb67697c108c3f4a3d94635cebb47cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21562\python27.dll
Filesize
2.5MB

MD5
797ca0774a79ed2577c77ca71d00d89c

SHA1
3b2ec22ce4dcabf87fb57e66406b58fc379e47b7

SHA256
7c5e91959ae87b62350889304bc7e52eac5a99ba57367e737357f2d4983b6a57

SHA512
d853666b830f8f903fb20e023fd74b8b8556c064a02f483c821267cb336cfbef61be2915c1e0e2491ae2f8d2dcce35c1a88bbba3180b395aadac3a8edf776e35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\Crypto.Cipher._AES.pyd
Filesize
28KB

MD5
5ed09337fb3d060b21589eaf418fdebc

SHA1
0a6d7c5fa409ebc6b6571c0874eec3972cd23288

SHA256
28dc5fb8ffff45346ce815c494d1309e88c643b6a419284e61ab45a75beb8950

SHA512
255ed3bc1d3d242f6d9aba784ce3bab53470b741b0b2452174f2a1bd2bf5c08fbd1762a46c71b2cbf15fcc8f0bf8db6549998fc2dd47085c8524739d4bd5c11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\Crypto.Cipher._ARC4.pyd
Filesize
8KB

MD5
b5958cc438d380c157131834438d37c4

SHA1
1230f3ef1d965703bcb276560cb9673aa27dde44

SHA256
e998d3393322c5cd5d63c8e6f10cbfd34cafab848a1adaee839922381c7fda5b

SHA512
6b1672f00d9ef077666007405702e383543b5988b050a26d52dd11ba06ffbb79d3478116a5d43aa75a016adaa27ad49b4447a4cdaa0c9fb39b2796a23c71286d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\Crypto.Cipher._DES.pyd
Filesize
53KB

MD5
f6f7d1fd422e072a02c3ff988faa9fb8

SHA1
00a91b26baf00ea35da9e3935efc3efe35b03af3

SHA256
a9fb71bdc128b2ef2b7bd0706d73951901b8dc2a041a477aca6142f1aaf25c38

SHA512
0ec34b16ad7b0db24f0bdc0a954f25c13f7927fe42e9bd836862001c95d4ce3492d153fec013441a7430a6249d87fa9f3b5e9db431ef7acda7fc95b0cabab156

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\Crypto.Random.OSRNG.winrandom.pyd
Filesize
9KB

MD5
596462e114695a21df2b4af4c5405374

SHA1
2b1454f6c71a2d3c9842d6755da2f535435306e0

SHA256
0e30ef102e2075b18e342edb9387fa20410a67f71507da639512b66d3cd8a817

SHA512
d000c6e6bd0d2fa38acaedd3193cafe7a7f141d8550ab6d940a02d39781fdc7301548bd0544956b18c5d398ae4de0d33529f00a94c9e832ec5e2eb84c0a18311

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\Crypto.Util._counter.pyd
Filesize
10KB

MD5
70741363c35c6aea7641a8f86f9e73f3

SHA1
e09bc620b467df078ed45fcb1a9eff97e71642f9

SHA256
c12bd1be1cbfee258014454d648cd2db5525a65791f8c3f835dbc639527124a4

SHA512
4847d37fcd2bb522733c96c2631f48593eef0e013a58121f703d7912d03d03a52e0973d9b4a67dd2fb0f0cdf65e95f4f9eea5de3e7396edba5009776d41c2156

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\Crypto.Util.strxor.pyd
Filesize
7KB

MD5
f6bdfc886756cfb4101c68006aba5efe

SHA1
f5df483d9f9080079a7989dc086ceee7474b905c

SHA256
61052b2ed62c659ea1178a3d1afb22012a4c1317857b8678745355038ed0ef80

SHA512
cb00bc80d746751f80a1d0cc969e273fe3391dc48b180f7bac7514b2d7feee6c31746ed027e08a4ec51d6cb634dc3f5ea81831b0d8655606621dbc8df9d0b7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_ctypes.pyd
Filesize
91KB

MD5
0728f17bbc34e021f97669592cc3220f

SHA1
4ec787df6653d57a31786ad640f9dba320736184

SHA256
831afbe9c723ee4b0d38871e9116b7062a776ec0786237f6a376d91d57263635

SHA512
e62d0752f12f989df46c7a43cb464b0db74818bddc5529325a060ebbc5aabb47b46954a5bda7fcfa5991944ce1554788186f28400cf729c0205190f3b514d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_elementtree.pyd
Filesize
134KB

MD5
90a9b511c45b6b7070385ecfd4b82a86

SHA1
31258da38d3693e1934c88b6bd1524b380fac50e

SHA256
151dd5b9a09e15b2aedb307536562a420ebf2efc2396632cc0d583f26c5fd145

SHA512
9d5b7007079643ffc677d0d9b151d0cc254e2c865f8fa4cdf1a6dd9caa240da4c3a61f51190f576e86f8d6f8bc2ab0e8cfa81a5f4fb8445c95f6a77a38e7c812

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_hashlib.pyd
Filesize
985KB

MD5
32c15e073602afdf99d8f2583a7f5805

SHA1
296d204fed0af6a6330735cc50a3457b7002e7e4

SHA256
15a9b3a01ec0b0196c01d1a7a84eeb1665857a1e4e229019c1d088ba8b5a8d19

SHA512
4eb794e05fc6b6f421fb5aa7a2308aacfa0f571798c53f2625704cfbe44264e88867168b68b3d2a3502a7adafefb84d088132eea44ff308b75c7a421e4bdadbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_socket.pyd
Filesize
47KB

MD5
915c61c9e2a4241af0c8c7ff4363bb03

SHA1
e2d65fba9628d2ec2f1c00cf4a9c98fe590c21e7

SHA256
924a4c3c5d080641e534dc0645531de993ec5be195b2a91cb41e2f6d25508889

SHA512
4a0227e2896b3dc4a1ce6232cb40efe2e04dbe146a0561093f91961c4fb5b2a8be22cb54ecdce1c253b5ebffe65c2740e9aa227285cdbccac7dc07fc82ec7e37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_sqlite3.pyd
Filesize
51KB

MD5
33299705fc182e73d54ec48b60813f76

SHA1
f2fb09ee264aa442bdd95ff7b85b24bd85d006df

SHA256
80a1f02fbf000b5d2cfd7b47a43ed71b1685838ef1d4f1467a2d3f1e9a5a68af

SHA512
826a8bbb9c9baa93832fd0edcb2520e91e7f86f26a586aa69456f3db18846c3fb82c38d5b7c1d5422269c4a26446a93ca6fd4bbdcd34d1ccb713cc23b63935ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_ssl.pyd
Filesize
1.4MB

MD5
6d1f27b5c28f93c94ea55d9a2620d737

SHA1
0a89ed428c6d2d58e2c0cb40666ed37b08235e36

SHA256
0f926fe6b44959ac97349c0a76560eb9bbc86dca0ba812cc18f423325036b9c0

SHA512
adbcb56533896ee088d2f71430dccefd2a15966bfb92269e0c42762184074351a2d49fdca61062769936bb087bef1bdda2037925f8e069d6a2b3b1883c3b3721

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\psutil._psutil_windows.pyd
Filesize
43KB

MD5
eb5e5c4ea7fa5f2d36d5af3eaa325e78

SHA1
97e755b94ff235f748011437a8cb2cda732fa953

SHA256
1a7f99d3e819d899acf7423d132fc5ef0b872e31dfea75865dacff255bbee4f7

SHA512
a211625ffef92bda0956f20202ed2b82c13f74600811899a59c9d26ea8217c78fb9200579b2e30486a5c21a374dae839c7378354ff6e72a8b78e99c3b53a0331

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\pyexpat.pyd
Filesize
134KB

MD5
f8d117cf422ea64b74d3b120927b2937

SHA1
29dd595d5e0a8508dab24fc15ec7b3384facfd72

SHA256
902ab5ace6ab54ae96db77dcb792a301407d1090a844de42c7644821c52381d8

SHA512
60949f8356f8b6eb42641a95c241d476d28ff71fc236e91b8ffc7d06c72114c3b034834eb957c46144d8234bb86577b437a2c93c700734899cc62024e3f93da0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\sqlite3.dll
Filesize
407KB

MD5
3f974cfe2900e6be704e80cc9f295294

SHA1
59e501779a1ee74ec499d2f8ae37237a5b94b08a

SHA256
edd77d24f741f5aa7a6694af4942a06eb6da297d0bc967ec3878793b78223b44

SHA512
50ed30586935c99953b0edc1d474d6d6897a9e3a17a213f7db85871a6ae30df7870fdac6fe06747244f20ce3b71b8c7d0aaded39b99f1bcdf13b75236a77dfd6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21562\msvcr90.dll
Filesize
638KB

MD5
31d858c6f1c453af516343758a4b2c69

SHA1
ec9fafdb7333df42e3a8fb25f6f0f30ffe36b795

SHA256
12abcf99dd28bf35b3c224accfe2587ba5f4199d163224b344cdc770eed36130

SHA512
92923ca2f4be8fab82a5104cbc39ce84ce60000d4e825b5ccc0b44ba7f7090f7967b491350adf2f0c4ef9ce63ba93241030245e730f1a77c055b0257e64cbc45

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21~1\Crypto.Cipher._DES3.pyd
Filesize
53KB

MD5
5f1d9481e7c076bf74870b89403011e1

SHA1
76eab313cda2343484c6227a83aa42d6982a2614

SHA256
2529a3721551f9526e6d55b749fdee7853c0b3b4eee83aa7c3b59644f9b6b464

SHA512
83e71edc4dfe0927009c6eecc3782ebe39a42b5f467a2c7c80b86dae6e9f0f9cad353dd79ecde887d94b2ead4b3eb3ab8f0b6632c0fe52c8fbe765588541fae9

Download Submit
memory/2156-85-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2556-53-0x0000000000520000-0x000000000052D000-memory.dmp

Filesize
52KB

Download
memory/2556-58-0x0000000000710000-0x0000000000720000-memory.dmp

Filesize
64KB

Download
memory/2556-38-0x0000000000430000-0x00000000004D3000-memory.dmp

Filesize
652KB

Download
memory/2556-73-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download