810a6861b4261529e773df751971833a9cf30101f3b953d65bd5928e0863507c

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
Size

10.0MB
MD5

78d23b86826dba1008dd8e50e285f94a
SHA1

2da1952c7c2264ca257d1c52f598c62e728b9ac0
SHA256

810a6861b4261529e773df751971833a9cf30101f3b953d65bd5928e0863507c
SHA512

5c0303b00f40fb0d3059c2142f48d10a9a73fd7bc03027c61a1e97ba1e3c307f57919ac576538a3dfd5b1be4227fe106feb1bc2c6778435ae205981d6ce9de66
SSDEEP

196608:zFkiOI69AbiU75S+eSGJDT/w1IL3IXJ3KD0dyWRFCZwxD9uJpgbXPQoes/b:yU7IZT/h3IBS0dyywZ09vXos/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 10 IoCs

Processes:

78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe

pid	process
3060	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
3060	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
3060	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
3060	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
3060	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
3060	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
3060	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
3060	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
3060	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
3060	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe

pid process

3060 78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe

pid process

3060 78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
3060 78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe

description	pid	process	target process
PID 3056 wrote to memory of 3060	3056	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
PID 3056 wrote to memory of 3060	3056	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
PID 3056 wrote to memory of 3060	3056	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe	78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056

C:\Users\Admin\AppData\Local\Temp\78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\78d23b86826dba1008dd8e50e285f94a_JaffaCakes118.exe"
2⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3060

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30562\MSVCR90.dll
Filesize
627KB

MD5
7ddab8ef0f7a7d95ae61f4dd4c573d63

SHA1
33b656c92fead8ab4fdcbaca54a1885110cc75c3

SHA256
145a83783838b33026648c63939f9855dac9c285dbf2fa53ed6ab0bcd1701f3b

SHA512
fb720ee53a065c45e239996fe9d26e2a9ddb770d8a2f0b7dae2b19c83618adf791790f55c2441acdb4bd0b94575e8e213a1d4995559ae046af6be4f7e284b0cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30562\Mortal Kombat 11 Setup.exe.manifest
Filesize
1KB

MD5
5b302528dd3031769028282a169c3daf

SHA1
ee094851716934f50ad145a0f3049f452b89971b

SHA256
de5d3eddf83873dfb3604fd349b9b3fb1140197ce8bdaff512e64c02388d8687

SHA512
a3903c9513daa4f8e146543e44e82168e39e3503f49820a329be78ce91c07d1ffc041f151f69f7aa506aa3acfb47b5db853335209cf454aba3df76763911b962

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30562\python27.dll
Filesize
3.2MB

MD5
982d46d57a3f529fc9535ede69d40339

SHA1
ca314d7c695bcd094ac1d0b590032be745bb134b

SHA256
4f7e01ff16197bd13c06ad789ec9dc986bd3f3d68e310ad5a92d81024e70a5f2

SHA512
a0adca8a19f5e55adb9ec673e998ca91a30c0a47e6d3cf73e995c37ad55715ff8f07c9db85c899eabec93a2b3719ec639a9375fdb191074cb2bd204093101b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\Mortal Kombat 11.jpg
Filesize
82KB

MD5
a56c932dbe125e4283429837310c02cb

SHA1
e60c5291b63f1a180b30c2f967de729204774982

SHA256
bf3819bed32175a50a9310ed4e17671358b8f4498720e7de06918c28fcfdae2f

SHA512
2e544adb7de823f5d998dcdb8a3288b142a3ad7980f583dbfebce4252c8265becb814eac8741bfc3658d5f58a8fbae67a732013d9fd7e8f80f3d90c195f6cf27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\_hashlib.pyd
Filesize
1.4MB

MD5
5af923146b2224a468044e5e215cf3c5

SHA1
23faf7f46072746443c8ef5c5b26d050fd612a21

SHA256
0c9013b02b5bbcd694300c230b310179588191f6154398d10b86f972b5a946ac

SHA512
d1a1029c44f52729cfa066dc19cc927aae7d070a227850a1051da27f08ba7654717f1d35946642ca3af3c6c37249dfa58447fb9544d102ae5d1bccd665bc0da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\bad.png
Filesize
940B

MD5
2ba096963e1c527a42a6e8d3597c05d6

SHA1
7248808fe866ad0db48e21f6b0a3a673738f7edd

SHA256
8e3434053274efe365df95bc33a3415e44076a95ab4065b994fbf08c8fd09544

SHA512
21bdd4858716416b85004c68f9c59a1c115155f35f72cbb5372b08847e9eb82c80e0ca1ac2f1d8210492df35e3758e7ee46fb10c8e214615d5897984cffc74d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\eula.txt
Filesize
1KB

MD5
7a1d7c74e7827d54a75fba2e70df3e32

SHA1
efab92f85326ea7c9e6c64390cdbc686e2e25c8d

SHA256
a336e786f1493b41a080fcb50d8da1059d669608bc6a24819921fb5c07f99067

SHA512
e837761374f2466c16821b371ab656dcc2ef27cd00e4f3cabd30ca24d86e63f693f0be7e0e098f34382c08734aff335acbf20d21a75a939fc7e8d52cd22ad44b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\folder.png
Filesize
2KB

MD5
14d0fc80cab977c9dbd106c71d3df562

SHA1
5f3a4aa9c65d20eeb635bab56dd65007a34df319

SHA256
672bf4a66aa4782f620d1039d785d19fd019cd5f3346d802c1e05f7a9e585ef1

SHA512
1b54680c462cca5275b9d8d2d691c31f8772a9cd89f88ab4cb93aa7f40a2f6e0ec397b49dd9a93ca92f0fbe2cffe1fec45a25de3b68ed3085e619fb6376e390b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\installer.ico
Filesize
2KB

MD5
05b6d3e24446f730b3988afacee69d87

SHA1
9b4269b6350b6855f985c6042d98b8e8d9fd8d4f

SHA256
2a444d2cb01fdf213c55bb0dfbb089f4aa88168b493d85430bf0853a1cf60dfc

SHA512
7d912686d4749a01559d639babf6cef41480f46b6167f7769ebf043271b1c703155faf038ec47f88fddc34d5abaac20123db65d266f31aa1976efc8b00a753f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\instd.jpeg
Filesize
15KB

MD5
e3b9de212012e2abc1fe8aa7320fca42

SHA1
65c58e1411a1909049c7f10a3b4895b04f9408d0

SHA256
59f88f7d2a2ebe37f70600631f72820d5d6a098113e03e9dc2c43c65d397c0e0

SHA512
77c2f4bb8572992d14125e6813e4fcd8576a5a3bcb7438889e07096163965331267dfc81f9b3a8d693ea1d9c60452e9923efa0f933a048611746187840181a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\ok.png
Filesize
938B

MD5
0e4a4d7a5a359cf6bbfd832ba0cbb027

SHA1
94c7e65c60e5cf833c233f0cadbf2372443dd2b9

SHA256
041a2fed8af4bb47dd38b03de9ab8dbe6bfdd6f438d9cd2f401b54adef9a929a

SHA512
1a97d4f381e7512b0e69305ad9b77885f67b8e14126b825f347f664530434aeed9b22bef61ee195c2789b81c2894372d4289b63276e0cbb4f9f6cfefa8159263

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\wx._core.pyd
Filesize
7.4MB

MD5
48e4bb70b3da19163cee70afe823fac9

SHA1
a7d31ee5c403c483021c3d5bbaa19f4f205486f9

SHA256
06416b7679c22039acfdcd1f5e8f928d05f48c5cb9e627274e94813625be0072

SHA512
0dcd5dbe3da8ee6a2d567b773bada95656c364f7a1e0e34d524493e890bfef589e0e7866922f590445f58b54dfa710ea71bbe92ead58738f9b7786d8e377b88f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\wxbase30u_vc90_x64.dll
Filesize
2.7MB

MD5
612bba96a78ebf22f2a0d3579547106a

SHA1
ded070653ef27ec985492a9fd9d5be143b5c1d81

SHA256
e0534bfd7a6f0600fe8f247b05a6081d6d28b5275e3d1fa44e3370c4bfbcc2eb

SHA512
298ddc25a09f8a70297bc7ce6ae4eb0d876a1030f3f5f5e73b9d23ff1108208a9ca9f8d4ffb1f1f7005b415185856b8e9ad242d4ee3c2768b89cc02268bec1af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30~1\wxmsw30u_core_vc90_x64.dll
Filesize
6.3MB

MD5
7ebbb35679ed80a7c8288973fd2e903c

SHA1
04fdc0c8836c8e8d1df0aab87eb84937da553ac3

SHA256
b3c1e53e6d160244612d45bdd551da5f02dca7f5b4a67f12bbb1d4e509c262b2

SHA512
f5d99af9a20530e441c39627cc0faa5fb4669d3f864941c0386da390d74c2b6cf4f888c12dda7cf4d547fbba6a2cbc1612e51fb0e89c44129c7f67884ef5294d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30~1\msvcp90.dll
Filesize
834KB

MD5
427526e6f94143509899613960017b5f

SHA1
ad25b172b2b352232c1ea1a3ef16650375920036

SHA256
80d74435e7f2b03d5d8f446fa461a160abadb0264c24c095ca23fc96fd959fe0

SHA512
63e70332f6b989a38ecff4b47d91f78b53573fc5e75475bf80c8a763fc084cec58f5fd59c883d5fec542c6be3faed60e1872226cfc88c749e75754c0a1fffe78

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30~1\wx.siplib.pyd
Filesize
115KB

MD5
4403a2a67335dc04a271d3aa0bb01324

SHA1
8dbc8fdf6109689dd0e5bd9d4c81c2fe1c0b718b

SHA256
0e875a4392fff1f2fd5c879c378f771e118bfb668d055e1a169212a24b142848

SHA512
e1d41f016679efdba3030e2e39bc83bcbcbeda2f55ddfdc0f4d94667dd818d09bb596fe9ca840df85a48a1382e7876f99618596fd993ba4204ef7f5c27d6915e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30~1\wxbase30u_net_vc90_x64.dll
Filesize
198KB

MD5
9330c21d9895d04a06477834ae2b7f85

SHA1
07a937045f74356293266d81852538281f40b0a4

SHA256
20dfe2378a23d10e3c712bab616a173d5fb4252857907883e96643e20779e0dc

SHA512
fd725ba2f4d4eda9ba6f6b36c35d9fbf1a961921181792f6db406dfba079144040484da97f0c854c1548ba982e65c272643f8066e2de65810960ae53e767004b

Download Submit
memory/3060-43-0x0000000180000000-0x0000000180768000-memory.dmp

Filesize
7.4MB

Download
memory/3060-33-0x0000000002350000-0x000000000260D000-memory.dmp

Filesize
2.7MB

Download
memory/3060-37-0x0000000002610000-0x00000000026B3000-memory.dmp

Filesize
652KB

Download
memory/3060-40-0x0000000001BE0000-0x0000000001C17000-memory.dmp

Filesize
220KB

Download