Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 01:34

General

  • Target
    73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  • Size
    5.4MB
  • MD5
    73ee6681043bed0a66e411cbfd6e84f5
  • SHA1
    7e9912fa4ff9f9a4b86f37248031a9a66a3b62e7
  • SHA256
    bd69918ba5c2bde593638d10407c5bc3999a1da4ba11c27c7fe95b6264e27358
  • SHA512
    6cef3be91e22065adb0c350bfc5377214ecf34a78870d364afa5bbef5d4efbb72531776ab930e71a4839d6f542f725c6a802b2ce32ed196cb69946a9249811ec
  • SSDEEP
    98304:nAwmylt6yvi0Wcl3Ama62GYWpQgBR1P1sIb6VnzkDIJKobTi:R/6H0LaG/v51sO4ADIkMT

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • Modifies registry class 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Users\Admin\AppData\Local\Temp\73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:2856

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI29602\python27.dll
    Filesize: 2.5MB
    MD5: ceb92a7366bd07a460c98303385ef9c4
    SHA1: e91ef3e144ef17b6acc0c645caf0d4262b1f67dc
    SHA256: cdbb2b0eb55004276cfdf563ee7a0fbdb3cacbf8609334847bd13c1833bb31bc
    SHA512: 6b24b5143b2fb95af6cf567b6ead27bee3f2b1e35727861385199e7f23edc3675423961a2d9a0ffbb686f1d2fc148f246f4381b1b3af0eecd7e8747dedb8088d

  • C:\Users\Admin\AppData\Local\Temp\_MEI29~1\_hashlib.pyd
    Filesize: 1.1MB
    MD5: 55a29ec9721c509a5b20d1a037726cfa
    SHA1: eaba230581d7b46f316d6603ea15c1e3c9740d04
    SHA256: dbdcf9e8cba52043b5246ad0d234da8ba4d6534b326bbbb28a6a391edf6fa4ce
    SHA512: e1a2993d4dd5f2e81f299fe158ee6d1f8ef95983113c9bea9a087e42205ff06ac563762de5a0b70b535efe8cf9f980ffc14c1318aaf58de3644277e3602e0ab3

  • \Users\Admin\AppData\Local\Temp\_MEI29~1\_ctypes.pyd
    Filesize: 90KB
    MD5: 6daf8b55801a602f84d7d568a142459c
    SHA1: 57a80ca9621b282727d45caa5ae1c5e3c7e93f60
    SHA256: 66d0cb13569e9798b04c5d049cff25bd4c7c8e7ddd885b62f523d90a65d0ce88
    SHA512: abb1c17aea3edb46c096ca3d8cbf74c9dccad36a7b83be8cf30697760ad49f3bd3a38dc4ff1f0b715ad7996c3a23ea1c855fffd62af01d15935abc73378dcc2e

  • \Users\Admin\AppData\Local\Temp\_MEI29~1\_socket.pyd
    Filesize: 45KB
    MD5: 3986998b3753483f8b28c721fef6f8e4
    SHA1: 2ef3c0fac94c85276721ee2980f49b1bafef597d
    SHA256: cbc23d6c2e3e2950452c7d255da1452338301a4c9a0b09eba83287709d2a5000
    SHA512: 258e2805440b36e20702c1447597698ef18a5a7f890cfece55bd4f797073c87e7bde659db3e2474e9b998213d76e2c3d5221659c6827237e06b3b6f4b3643ae6

  • \Users\Admin\AppData\Local\Temp\_MEI29~1\_ssl.pyd
    Filesize: 1.4MB
    MD5: 9be53b53c1ec6b56663f45464edfcde9
    SHA1: f8f5dd5640d594a2b53f5bbd12893c11cf4b7d55
    SHA256: b572bf14ca3d3e5158b89314b6fe2129a753edaca1958e252784561f33f9ecda
    SHA512: a52727b54a03246b74460a2741324b371ccaa083a4f3123fd1175a3061d3b6707ddbaaa73b3e39435cffd8d3018ee2dee8bad6c58a17faa55b6d05a3b38ee78b

  • \Users\Admin\AppData\Local\Temp\_MEI29~1\bz2.pyd
    Filesize: 69KB
    MD5: 813c016e2898c6a2c1825b586de0ae61
    SHA1: 7113efcccb6ab047cdfdb65ba4241980c88196f4
    SHA256: 693dfc5ccb8555a4183d4e196865ef0a766d7e53087c39059d096d03d6f64724
    SHA512: dbb4add301ea127669d5dac4226ce0f5d6e5b2e50773db5c8083a9045a3cba0fcf6ea253a1183a4c87752bd3c5eb84128103a6d8ade71a7e410831b826d323ad

  • \Users\Admin\AppData\Local\Temp\_MEI29~1\psutil._psutil_windows.pyd
    Filesize: 51KB
    MD5: a111ff7c807b19406da97c7df827a789
    SHA1: 2753625ca7112a4a785a594473d534892adb55f1
    SHA256: 8d178f3ff30f972f182056cc96faeff26b9bbaea0666ed7e13d3ec2c30765d92
    SHA512: fafdf88d9c0b363c047461bb9a6e44481b5c44ad868d59773805f73b4e4cb4488591e4421b48eb7cd18d9640fae03505cbb5ee78dbd8c61dcb6443ab51da6f0f

  • \Users\Admin\AppData\Local\Temp\_MEI29~1\select.pyd
    Filesize: 10KB
    MD5: e6ecff0d1588fed3a61edc1a1a5eb9bb
    SHA1: 2a3913a69dbdda8aefbe1f290753435979791a37
    SHA256: 345969d43b33717415bd5796d5a7b266592dc79a96543714828ff8fc1f249d18
    SHA512: f59b356833840126f31f70ddb0e7f661db8528d82aa9450e299b81fe5adda35d44f3bceb52fb27e6843cf497211470f439a232c73245f8c606b31cb13322cd6f

  • \Users\Admin\AppData\Local\Temp\_MEI29~1\unicodedata.pyd
    Filesize: 671KB
    MD5: a46e180e03ab5c2d802b8e6214067500
    SHA1: 5de5efbce2e6e81b6b954b843090b387b7ba927e
    SHA256: 689e5061cefda6223477a6a05906a500d59bd1b2a7458730b8d43c9d3b43bdba
    SHA512: 68bd7ae714fb4f117eb53a0fb968083772aaeaa6428ae8510e5c109361b140c98415a1955fca49db3e9e1b6ae19909e9c50110f499306476d01141c479c16335