Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/05/2024, 21:16

General

  • Target

    64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe

  • Size

    8.5MB

  • MD5

    64cb7853734b2c2ec996b0dfb3274870

  • SHA1

    b2463ceabf2fd47dfe4050eec27a453513215684

  • SHA256

    348ef2dd83a99d7bef81112fb3ee9d6abb7bbc6ffe26cb4249fd90df34ab814c

  • SHA512

    e8f61f049665b7df678492d966bc47aa97785e10ddd86a4b7431a616427118aab9045a41efeec3903159ed97746fba3ba483e65e981e129912f8e1359cd9e2b4

  • SSDEEP

    196608:ZDILoP1HSsimvlG2etbYPvbJQlHJCOj8Cs4dLOt:/P1pimtokJQlpfk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe"
    PID:1312
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe"
      PID:2224 (child of PID 1312)
      • Loads dropped DLL

Network

MITRE ATT&CK Matrix


Downloads (files dropped during analysis)

  • C:\Users\Admin\AppData\Local\Temp\_MEI13122\VCRUNTIME140.dll

    Filesize

    81KB

    MD5

    2ebf45da71bd8ef910a7ece7e4647173

    SHA1

    4ecc9c2d4abe2180d345f72c65758ef4791d6f06

    SHA256

    cf39e1e81f57f42f4d60abc1d30ecf7d773e576157aa88bbc1d672bf5ad9bb8b

    SHA512

    a5d3626553731f7dc70f63d086bd9367ea2c06ad8671e2578e1340af4c44189ecb46a51c88d64a4b082ce68160390c3f8d580dde3984cd254a408f1ef5b28457

  • C:\Users\Admin\AppData\Local\Temp\_MEI13122\_ctypes.pyd

    Filesize

    113KB

    MD5

    c827a20fc5f1f4e0ef9431f29ebf03b4

    SHA1

    ee36cb853d79b0ba6b4e99b1ef2fbae840c5489d

    SHA256

    d500cff28678eced1fc4b3aeabecc0f3b30de735fdefe90855536bc29fc2cb4d

    SHA512

    d40b816cde6bdf6e46c379674c76f0991268bd1617b96a4e4f944b80e12692ce410e67e006b50b6a8cfaef96aacc6cb806280bac3aa18ee8690669702d01065c

  • C:\Users\Admin\AppData\Local\Temp\_MEI13122\_socket.pyd

    Filesize

    67KB

    MD5

    6b59705d8ac80437dd81260443912532

    SHA1

    d206d9974167eb60fb201f2b5bf9534167f9fb08

    SHA256

    62ed631a6ad09e96b4b6f4566c2afc710b3493795edee4cc14a9c9de88230648

    SHA512

    fa44386b9a305a1221ed79e1ca6d7edf7a8e288836b77cdca8793c82ebf74a0f28a3fc7ae49e14e87029642d81773d960c160c8b3bcb73e8a4ec9a2fd1cdc7fd

  • C:\Users\Admin\AppData\Local\Temp\_MEI13122\base_library.zip

    Filesize

    768KB

    MD5

    90ae7f393c7b387e264d5be6c9057f92

    SHA1

    384a445b35fd5bf48f5585ce3ffc0123501aa1d7

    SHA256

    5f903b4551e9e7269d9c5c9c496b911c7d319eb7e6b8d98a4f6ad47628500107

    SHA512

    607974aafed9cdd7bdb85dfca597ac1b407c590a48ef0ecdea3cf411b3a57610be30ca7f8baff7ac4fdafdac449dd2aaf1575aa0140badfb4cd140e457061fd9

  • C:\Users\Admin\AppData\Local\Temp\_MEI13122\libffi-7.dll

    Filesize

    28KB

    MD5

    bc20614744ebf4c2b8acd28d1fe54174

    SHA1

    665c0acc404e13a69800fae94efd69a41bdda901

    SHA256

    0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

    SHA512

    0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

  • C:\Users\Admin\AppData\Local\Temp\_MEI13122\python38.dll

    Filesize

    3.9MB

    MD5

    c512c6ea9f12847d991ceed6d94bc871

    SHA1

    52e1ef51674f382263b4d822b8ffa5737755f7e7

    SHA256

    79545f4f3a658865f510ab7df96516f660e6e18fe12cadaaec3002b51fc29ef6

    SHA512

    e023a353d6f0267f367276344df5f2fdbc208f916ca87fa5b4310ea7edcac0a24837c23ab671fb4b15b109915dfd0e57fbe07593a764b3219312ed5737052822

  • C:\Users\Admin\AppData\Local\Temp\_MEI13122\select.pyd

    Filesize

    23KB

    MD5

    441299529d0542d828bafe9ac69c4197

    SHA1

    da31b9afb68ba6e2d40bbc8e1e25980c2afeb1b3

    SHA256

    973f851dfaf98617b3eb6fa38befeb7ede49bd993408917e207dc7ea399de326

    SHA512

    9f0fb359a4291d47b8dc0ec789c319637dde0f09e59408c4d7fd9265e51c978aa3ba7ea51ca9524833814bca9e7978d9817658655ee339191634d4ae5f426ddc
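Added example, not part of the sandbox report: a small Python triage helper that correlates the process tree in the Processes section with the dropped-file listing above. The process and file data embedded in it is transcribed from this report. Reading the `_MEI13122` directory as a PyInstaller onefile extraction directory (the PyInstaller bootloader names it `_MEI<pid><counter>`, which here lines up with parent PID 1312 plus a counter, and the parent re-launching its own image as PID 2224 is the bootloader's normal second stage), and the capability labels attached to the bundled CPython extension modules, are inferences added here, not statements the report makes.

```python
"""Correlate a sandbox process tree with dropped files to recognise a
PyInstaller onefile extraction. Added example; input is transcribed from
the report above, the PyInstaller reading is our own inference."""
import re
from collections import defaultdict

# --- Constructed input, copied from the report above ---------------------
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe"

# (pid, parent pid or None, image path, signatures hit)
PROCESSES = [
    (1312, None, SAMPLE, {"Suspicious use of WriteProcessMemory"}),
    (2224, 1312, SAMPLE, {"Loads dropped DLL"}),
]

MEI = r"C:\Users\Admin\AppData\Local\Temp\_MEI13122"
# (path, SHA256 as listed in the report)
DROPPED = [
    (MEI + r"\VCRUNTIME140.dll", "cf39e1e81f57f42f4d60abc1d30ecf7d773e576157aa88bbc1d672bf5ad9bb8b"),
    (MEI + r"\_ctypes.pyd", "d500cff28678eced1fc4b3aeabecc0f3b30de735fdefe90855536bc29fc2cb4d"),
    (MEI + r"\_socket.pyd", "62ed631a6ad09e96b4b6f4566c2afc710b3493795edee4cc14a9c9de88230648"),
    (MEI + r"\base_library.zip", "5f903b4551e9e7269d9c5c9c496b911c7d319eb7e6b8d98a4f6ad47628500107"),
    (MEI + r"\libffi-7.dll", "0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57"),
    (MEI + r"\python38.dll", "79545f4f3a658865f510ab7df96516f660e6e18fe12cadaaec3002b51fc29ef6"),
    (MEI + r"\select.pyd", "973f851dfaf98617b3eb6fa38befeb7ede49bd993408917e207dc7ea399de326"),
]

_MEI_RE = re.compile(r"\\_MEI(\d+)\\([^\\]+)$", re.IGNORECASE)
_PYDLL_RE = re.compile(r"^python(\d)(\d+)\.dll$", re.IGNORECASE)

# What each bundled CPython extension gives the payload (our own mapping).
CAPABILITIES = {
    "_socket.pyd": "TCP/UDP sockets",
    "select.pyd": "socket multiplexing (select)",
    "_ctypes.pyd": "native FFI via ctypes",
    "libffi-7.dll": "native FFI via ctypes",
}


def mei_dirs(dropped):
    """Group dropped files by _MEI<id> directory -> set of lower-case basenames."""
    out = defaultdict(set)
    for path, _ in dropped:
        m = _MEI_RE.search(path)
        if m:
            out[m.group(1)].add(m.group(2).lower())
    return dict(out)


def mei_owner_pid(mei_id, pids):
    """PyInstaller names its extraction dir _MEI<pid><counter>; return the PID
    that is a proper prefix of the id with only digits left over, else None."""
    for pid in sorted(pids, key=lambda p: -len(str(p))):  # longest PID first
        s = str(pid)
        if mei_id.startswith(s) and mei_id[len(s):].isdigit():
            return pid
    return None


def self_spawn_pairs(processes):
    """(parent, child) pairs where a process launches its own image again."""
    image = {pid: path.lower() for pid, _, path, _ in processes}
    return [(ppid, pid) for pid, ppid, path, _ in processes
            if ppid in image and image[ppid] == path.lower()]


def python_version(basenames):
    """Infer the bundled CPython version from pythonXY.dll, e.g. '3.8'."""
    for name in basenames:
        m = _PYDLL_RE.match(name)
        if m:
            return f"{m.group(1)}.{m.group(2)}"
    return None


def triage(processes, dropped):
    """Combine process tree and dropped files into a dict of findings."""
    findings = {"pyinstaller": False, "python_version": None, "mei_owner": None,
                "self_spawn": self_spawn_pairs(processes), "capabilities": set()}
    pids = {pid for pid, *_ in processes}
    for mei_id, names in mei_dirs(dropped).items():
        ver = python_version(names)
        # pythonXY.dll next to base_library.zip inside _MEI* is the onefile layout
        if ver and "base_library.zip" in names:
            findings["pyinstaller"] = True
            findings["python_version"] = ver
            findings["mei_owner"] = mei_owner_pid(mei_id, pids)
        findings["capabilities"] |= {CAPABILITIES[n] for n in names if n in CAPABILITIES}
    # Guard against truncated hashes copied out of a report: SHA256 is 64 hex chars.
    findings["sha256_ok"] = all(re.fullmatch(r"[0-9a-f]{64}", h) for _, h in dropped)
    return findings


if __name__ == "__main__":
    for key, value in triage(PROCESSES, DROPPED).items():
        print(f"{key:15} {value}")
```

The owner-PID check is the useful part when reading a report by hand: an `_MEI` directory whose numeric suffix does not start with the PID of a process that then re-spawns its own image is worth a second look, because that is not how the PyInstaller bootloader behaves.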