335c14850986f5b43481b1728e1ffe477be33281768362ff973a25095d748b27

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 04:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
Size

8.9MB
MD5

3de3c661279730a6145234fc80a8ff95
SHA1

699bd18b48eda29c70066270988044ce173ceb3f
SHA256

335c14850986f5b43481b1728e1ffe477be33281768362ff973a25095d748b27
SHA512

ff1e884f7b49eda4450c134c4ad5276058c888a3063218f4e78345c7ac10cce09487ef4f5db67874156aac037ebb3d930ef0c6e2e4aabd797f11887a8e0c1047
SSDEEP

196608:dlX+aFFgukY8Iw+5j3tpXr7e6DicueojSsmzRIPdes/F:dlrFFg7awYTzvMjNoRaQs/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 14 IoCs

pid	Process
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
2596	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2596	2196	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2596	2196	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2596	2196	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2596	2196	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2596	2196	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2596	2196	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2596	2196	3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\3de3c661279730a6145234fc80a8ff95_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Die for Valhalla Setup.exe.manifest

Filesize
1KB

MD5
449ceb1af5d05451f65c7680f0e6aac0

SHA1
8dc710f7f2402d3a473105949647fb042544b783

SHA256
7c8a8afdddeacd6af819b8004ce5e8f5aa0195cba96539f6876673157149c186

SHA512
b7788b1e5279f033d9d93e4b848fce0601ef327450c7a5c787c84dc2cf0d2e3b1115e31cb48439f764c81fa4de0af35c5401fa507ea19415ce1843c646715de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\MSVCP90.dll

Filesize
557KB

MD5
dd90031fa3e7533626ca4b1f5c6f0114

SHA1
c075c9c0ffe6b901e1b0758d99463ed68cc4fc9d

SHA256
d338cc1a31226b4af905366d42fe54b96d6a54aa19ce68c66ff6151af47bedd1

SHA512
8154f978ae972ec362ff5bfb24b57216d986d15c0890274c0743b5eb76634de0ab226eecd183a745b8be4b1c8c45283210f4225374e8365527d2f4b70fb1e124

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\python27.dll

Filesize
2.5MB

MD5
bda3ccd47d86473965f00e5fcf9857fd

SHA1
c45985b9ed5083117ceee1dd0823496f9d7189e4

SHA256
ad9038fc6bb13e15fb7794f56f7a57c790026221a402b88b49bf7e9f430f9927

SHA512
eadc5c3c6dc93dac3975324476ff498ef8b70b586630a2736fee69610fde686ffe09e90f8320c5f62587fcfa226c77f65b595370c67b4ab661442ac8a3df9591

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\Die for Valhalla.jpg

Filesize
556KB

MD5
a5e1354fd50b78b58d83c839e4abe879

SHA1
34e2d14ec61051e2cff2a75dba0a9484bcd29529

SHA256
80c83c0271c34380ff924abaeae3882a66978989d66314d27655ef6508184cc3

SHA512
0d6e20edd71cc11e2eb20f7ec869e07ad1af1573ae38412576a3b00a17123275808d6648625e6ea6769f067facd95865553456b1f2c95af58d80333e48b99258

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\bad.png

Filesize
940B

MD5
2ba096963e1c527a42a6e8d3597c05d6

SHA1
7248808fe866ad0db48e21f6b0a3a673738f7edd

SHA256
8e3434053274efe365df95bc33a3415e44076a95ab4065b994fbf08c8fd09544

SHA512
21bdd4858716416b85004c68f9c59a1c115155f35f72cbb5372b08847e9eb82c80e0ca1ac2f1d8210492df35e3758e7ee46fb10c8e214615d5897984cffc74d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\eula.txt

Filesize
11KB

MD5
508d59b95631c297cfed06e2571a7dce

SHA1
db361302a99549757791bc9890512a8a117b5e0c

SHA256
51dfe967d8146ef9c9835d86ea11ff2a211f8d1b4523ca970b75d6a593a38543

SHA512
5285eb6dbf5e1b0c97d811556ea7792c39e7dd94cd366327e73c3ec4cb8cb613a36766a1d2eac786ce8535da99a8e692e5719fdb7a71256ad39170cd3e990a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\folder.png

Filesize
2KB

MD5
14d0fc80cab977c9dbd106c71d3df562

SHA1
5f3a4aa9c65d20eeb635bab56dd65007a34df319

SHA256
672bf4a66aa4782f620d1039d785d19fd019cd5f3346d802c1e05f7a9e585ef1

SHA512
1b54680c462cca5275b9d8d2d691c31f8772a9cd89f88ab4cb93aa7f40a2f6e0ec397b49dd9a93ca92f0fbe2cffe1fec45a25de3b68ed3085e619fb6376e390b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\installer.ico

Filesize
2KB

MD5
05b6d3e24446f730b3988afacee69d87

SHA1
9b4269b6350b6855f985c6042d98b8e8d9fd8d4f

SHA256
2a444d2cb01fdf213c55bb0dfbb089f4aa88168b493d85430bf0853a1cf60dfc

SHA512
7d912686d4749a01559d639babf6cef41480f46b6167f7769ebf043271b1c703155faf038ec47f88fddc34d5abaac20123db65d266f31aa1976efc8b00a753f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\instd.jpeg

Filesize
15KB

MD5
e3b9de212012e2abc1fe8aa7320fca42

SHA1
65c58e1411a1909049c7f10a3b4895b04f9408d0

SHA256
59f88f7d2a2ebe37f70600631f72820d5d6a098113e03e9dc2c43c65d397c0e0

SHA512
77c2f4bb8572992d14125e6813e4fcd8576a5a3bcb7438889e07096163965331267dfc81f9b3a8d693ea1d9c60452e9923efa0f933a048611746187840181a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\ok.png

Filesize
938B

MD5
0e4a4d7a5a359cf6bbfd832ba0cbb027

SHA1
94c7e65c60e5cf833c233f0cadbf2372443dd2b9

SHA256
041a2fed8af4bb47dd38b03de9ab8dbe6bfdd6f438d9cd2f401b54adef9a929a

SHA512
1a97d4f381e7512b0e69305ad9b77885f67b8e14126b825f347f664530434aeed9b22bef61ee195c2789b81c2894372d4289b63276e0cbb4f9f6cfefa8159263

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\wx._controls_.pyd

Filesize
1.0MB

MD5
0db65f78cb8dcdc4ea61e771c72e952a

SHA1
8ab97a0ae7de5753df217975b277733ef7507569

SHA256
eb7263251f27e2cb998f5b22861198cd7456d00ba2ede5343fb24d2860e98ae7

SHA512
b091e697c0a4a458e38494303cf5df99bf1319c440a988e95ad5674ece44b64c7ca7c4e366d497dbfcd483ca16908e904467b5113ae60238cac7b8db6d465dde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\wx._misc_.pyd

Filesize
716KB

MD5
0eea7ca8f5e69c2c84020c7f8dd1f364

SHA1
852d457563fab158c97ced7d366f669eca73df96

SHA256
4fc4c253c6814983ff4694fba2b692c470d3b39b7ef47c536b57aefb6c52794a

SHA512
1f64d461a5ed5cfb0cc8cd51fd08488ba48a0167d9957438b5e7a95106e7f402832530c8161c94e43ff578baa95fc932520066ded6297e6f99b1e1b971dc72ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\wx._windows_.pyd

Filesize
797KB

MD5
6b7489e7b9ca93d08fb5831b6fbb94c5

SHA1
0b99cca6dc02953f003135a2c95054c23783abfd

SHA256
9f2202be7329583186dd1dada398d2941c6a32f9b9b7239dbaf1543c2d30779f

SHA512
bd38241ce4b2caa48f9cc03b5f966e6d609b3cb711e475a649c77e543ec25d2722cc51ce3d587666fa3c0d45769c5840b1746425919991b22e7440b696a568ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\wxbase30u_net_vc90.dll

Filesize
151KB

MD5
8abeb0f85934df4329c145116ea1c7ac

SHA1
46fe23eb68e96ddfcf300d5ee586dd78fbab1ea7

SHA256
9f4253e3aa6ab8a2dcfd5813aa2d2883de4fc192f5a12ca25ae3d4dc44fae703

SHA512
462bd20a8d9baa3ba1ea62eb0ff1c2ff473aeca61b3df7a1e7fde1754ee89c412c2ba664b7ea211249edc5156cb9832768f306c9b4e50dbc3139822619e0d077

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\wxbase30u_vc90.dll

Filesize
1.9MB

MD5
e21cb912288e0ab5c8ece3abc2788149

SHA1
45becba9675bf3a085eaff8de8e03c0cd4921cc0

SHA256
4805f09366f2d8dd0586bf2367462a2d82be65b99aca712d257259a664714f2b

SHA512
012f493a9970632990daeca315ceb2685bafe8718e697040bf40b296e2820162226cdffa742d9daf277338c926e2333266ba0884561a5cbd76a396ec8f2ac14a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\wxmsw30u_adv_vc90.dll

Filesize
1.2MB

MD5
4bcd21ce5ec80e1666002f588439cafc

SHA1
16f5b22c80043b83136927bd77bd113535ffcb82

SHA256
5c2755f9b6f089605dec462460f31513db291b4fece39d21b5223a0cbe281425

SHA512
4756c4362f3c5f62843e7cfeb7d845f5a0ad6402995f1aff6d41c8719a70670833c8073949a894225c7b96b348b939a887bcd4c43855a7568505c02f1d3d28cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\wxmsw30u_core_vc90.dll

Filesize
4.6MB

MD5
f67b8b3f8fda00f501573e7c267aed26

SHA1
5d8329b32a49361d6cbcafcc44de86b182d5acc8

SHA256
8a3f95f4a9e2b9465be14f027349912c00681e0744b68ab80db0a009951a9db7

SHA512
0418c8395a658174e0215062d3b61f4cde64d1333f733c791cf10ac87a8f8cd56cf2dc8d0ba12da1cfa6edcd7262963910aa537818762159d1f7f3fd4db7ec52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21~1\wxmsw30u_html_vc90.dll

Filesize
587KB

MD5
54501be59fdb1a6b4f37eb2d9a7504d4

SHA1
2d3e97cb9806011258767f617d241620b2988db7

SHA256
df726bbefdc5efb78bea9cc79aa7b285584dfa74a6f97c17de08cfb642c5af46

SHA512
43d1937c3885d5344b4c67d7af9d7b0e379f757ef3ec64b1830e4a2dc90e28538a149ed402fbdd559cec7b024b484ec35926765d9b410d203b12b402f6047959

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21962\msvcr90.dll

Filesize
638KB

MD5
b57aa4b9c02ab9cf14d59f56ae5c7557

SHA1
10e6e43c3283ad0cb5c95da84ad67324f2c36238

SHA256
38d822661affbbda0eaeac0715ec8eb91a5dcc2f41bbff4b5de5dee57f7d9e17

SHA512
b0838175024db2a62f1c0b2149fa390986c3aa7ea296f6419711a5a40b1da4ca2091586df530fbc90e72b1588197e7418bcba9f9821417d232b12d6c51d74436

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21~1\_hashlib.pyd

Filesize
993KB

MD5
b1dbd52e5da083e5b5613a2b4c17a4ef

SHA1
0ed87f9e0b572f88e102739daab54db03fade416

SHA256
fa57bf3173f2d636984305401c06f1618b8119fea2c311d1173566ea236fa0c6

SHA512
dbe14802ff53e8fb9f35baa1c1bd0dc55c1073e0f96b59b5cc3783760e23c645cd453a39b2b4d0ab79ee871ba1cb81154a4cf5c54b67dde7ea14008d72dd2cae

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21~1\wx._core_.pyd

Filesize
1.1MB

MD5
4b9820d3bd2e61fb921c0dde667bf513

SHA1
2ff2ce8d072eaef95c9c43fcad82615ba0f87865

SHA256
92ad1dcc58b8a6d7453d7cd3db046133963c2c5aa6045aa4506d14fe9a7c4765

SHA512
cccae0200d84543b5deac528727479f786142cc51dff590d9142ac53c851d8cf3a70c83637b7bc7ff2a4cebdd694b8f4fcc65cecaaa6b1d52f4364eb3123fa1d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21~1\wx._gdi_.pyd

Filesize
788KB

MD5
d12df306c261ef2cbfeeb429c6e2527e

SHA1
cc9a95ca1be16470a9476f80f0061109faed8e19

SHA256
6c12d4cc6f05674e029530e080b8c308a0436933563dc1eea9e9422c396f899d

SHA512
6d04c1c0472445b605e0b4a4d97bd8eb3ff0faec2c1e939ce6af5d10373cd7d407944c3fa3f181d20b954e6536846691912044485daeca6ae23d943404be3980

Download Submit
memory/2196-77-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2596-48-0x0000000002D70000-0x0000000003235000-memory.dmp

Filesize
4.8MB

Download
memory/2596-61-0x0000000003450000-0x00000000034E6000-memory.dmp

Filesize
600KB

Download
memory/2596-64-0x0000000003CF0000-0x0000000003DF9000-memory.dmp

Filesize
1.0MB

Download
memory/2596-44-0x0000000000440000-0x0000000000469000-memory.dmp

Filesize
164KB

Download
memory/2596-38-0x0000000002B70000-0x0000000002D67000-memory.dmp

Filesize
2.0MB

Download
memory/2596-51-0x0000000003240000-0x0000000003377000-memory.dmp

Filesize
1.2MB

Download
memory/2596-67-0x0000000003E00000-0x0000000003EB7000-memory.dmp

Filesize
732KB

Download
memory/2596-58-0x0000000003380000-0x000000000344C000-memory.dmp

Filesize
816KB

Download
memory/2596-54-0x0000000002660000-0x0000000002729000-memory.dmp

Filesize
804KB

Download
memory/2596-78-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads