Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 26-05-2024 19:44
Behavioral task: behavioral1
- Sample: 769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
- Resource: win10v2004-20240426-en
General
- Target: 769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
- Size: 4.7MB
- MD5: 769c2d567d7ba55b148888c511d11387
- SHA1: 67a3c612b08de092e8d508811677b8668a0ef72a
- SHA256: f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6
- SHA512: 9953977fae38708e5d87732b0c71a130be7c5a59acfe9ccb478e2aa9e5aae18c7f735b2f6d83215124254d8f3cf6df78e98aef0f456d4c5209c86c11899913f7
- SSDEEP: 98304:aiMaRz3mTMYOOMu1SoVM9ZEX2/pXqYKXN44CTvEWZcUH5ceUY4DC1:95WOO9Rh+A1X6RRZceR4
Malware Config
Signatures
- Loads dropped DLL (5 IoCs)
  Processes:
    pid   process
    2804  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
    2804  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
    2804  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
    2804  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
    2804  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description  pid   process
    Token: 35    2804  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
    description                         pid   process                                              target process
    PID 2428 wrote to memory of 2804    2428  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
    PID 2428 wrote to memory of 2804    2428  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
    PID 2428 wrote to memory of 2804    2428  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
    PID 2428 wrote to memory of 2804    2428  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe  769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe"
  - Suspicious use of WriteProcessMemory
  - PID: 2428
  - C:\Users\Admin\AppData\Local\Temp\769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe (level 2)
    Command line: "C:\Users\Admin\AppData\Local\Temp\769c2d567d7ba55b148888c511d11387_JaffaCakes118.exe"
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - PID: 2804
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI24282\VCRUNTIME140.dll
  Filesize: 81KB
  MD5: a2523ea6950e248cbdf18c9ea1a844f6
  SHA1: 549c8c2a96605f90d79a872be73efb5d40965444
  SHA256: 6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4
  SHA512: 2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a
- C:\Users\Admin\AppData\Local\Temp\_MEI24282\_ctypes.pyd
  Filesize: 100KB
  MD5: e23c5557d84d3528d9cdcdee0e78afd0
  SHA1: 6cf971e5d016c32bb3e82ac07d71ac1258678419
  SHA256: 85491fff6cc61772948a1a92f329b2a9872ea16dd261011cfc1ef1a35fa5e6bb
  SHA512: 18ed82907d45bc3fa6a0568b910610b1cc7ba8d7d3251dec341dcbd624361c3a4fff8d51ad4300e8453890553909ea7d58d3cd9b46a625f1245328d3757912b3
- C:\Users\Admin\AppData\Local\Temp\_MEI24282\_socket.pyd
  Filesize: 62KB
  MD5: 6a57a7bf8124875687bc60f57f4a26d1
  SHA1: 657dfd76df01cba4b590f29dcc1769c488f40787
  SHA256: a824a0df8ca068f889837c4da04fa65e90b2c71b6ab28b11827ea615dc697695
  SHA512: 7adf5de1858588173af338b88807e00f04ce15b9ccf3ec028f271a49ac1ea96a1770d6fb5a7bf2f2e654d28a3fbde2deff16a38fb2d45e1dc6e508e868f36f27
- C:\Users\Admin\AppData\Local\Temp\_MEI24282\base_library.zip
  Filesize: 757KB
  MD5: 06a92547c48c7d9dcae13f12b0032133
  SHA1: d60d18bc97fab92029040a5bb29ecdce31d017ab
  SHA256: 8e341b5e6a49fc15409578cd93daa39364956beb46ba6f91022e12b0a10ac0c1
  SHA512: 011279cdd0db77a2686e515b659d35d0f008eb477ac7d8c1e20bce080de15a8a4c42e42c60a859fa156fe4ef586ef3351929450b909521056ccd10e9c9a69cfa
- C:\Users\Admin\AppData\Local\Temp\_MEI24282\bypass.exe.manifest
  Filesize: 1KB
  MD5: 6c224b69328579d437feab54a5a4d6a7
  SHA1: eb42c6a561ec558f86d2d3b5a044a7ca95e82b1f
  SHA256: da180c6fe4c38b2e1652e10fcbb52c95d4f87df91172f1447af0f9cb0a90f618
  SHA512: 4e616ac25f8893433bfc14c5721ef94eb424f0bfd2a703de164cf8d05362e4436a584bb961db9e971b490ceb0217671689ec7915371ab63196a972856dbc3106
- C:\Users\Admin\AppData\Local\Temp\_MEI24282\python36.dll
  Filesize: 3.2MB
  MD5: 4ae29bdbc36bcad281034fb43247612e
  SHA1: 7bd80e6e58763aa6cd94eff31989ff5b732d8741
  SHA256: 927b879e8877e332e7580944fcae65d767a894fbcbd968b2b57199800eaf98cf
  SHA512: 5c679fea125ca933a00574050716f9eae2be80c46ce5080c69237eb851fd9b4f6f19a8dfdf6b389ddb493ae0a060e50bd70eff7a78499ba57d9b5ba0ac127633
- C:\Users\Admin\AppData\Local\Temp\_MEI24282\select.pyd
  Filesize: 23KB
  MD5: ba320fb122df4277e24a6b60965ae48a
  SHA1: 8de41702f09cb13546ce3e8519b8689ef66621d5
  SHA256: 1c4876e281eb1f77c7eda612ae4c91b311fab02b96a1061f915872633ff5501c
  SHA512: b11d43c545efdfcec399db38a3a13169c98ad1b782208afea816ffedb366ee1ce2c1ea24935887398c18bd3f537033695dfe774c8fd4ae0d687028f11c0524e9