Analysis

  • max time kernel
    0s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-06-2024 04:05

General

  • Target

    99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe

  • Size

    10.0MB

  • MD5

    99ed70c894f5c6ed27fed79d75d023fe

  • SHA1

    81a06006db50c1eadcf6c10616dcda5e5bf5935e

  • SHA256

    b1bde404044173c81f469585e38c9cf52cb32f9dd15aa781995045af7bd9910d

  • SHA512

    cac1b560e6054cfdefc93c433365d74d3713c918809aeaa83106537c5eb9695be24291792543762cfdcb43fcc70066f3ce716fe0293005cb1130f4c201b70612

  • SSDEEP

    196608:d+xLg39onJ5hrZERVM+ENFJzFcguY48RmU/3ZlsPv+W25DT558Cx+clYtgFVR4/i:4S9c5hlERVMRFJzFcguYtN3ZW7YP+cl0

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe"
    1⤵
      PID:2172
      • C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe"
        2⤵
          PID:1292

      Network

      MITRE ATT&CK Matrix


      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI21722\_bz2.pyd

        Filesize

        84KB

        MD5

        fc0d862a854993e0e51c00dee3eec777

        SHA1

        20203332c6f7bd51f6a5acbbc9f677c930d0669d

        SHA256

        e5de23dbac7ece02566e79b3d1923a8eeae628925c7fb4b98a443cad94a06863

        SHA512

        b3c2ade15cc196e687e83dd8d21ce88b83c8137a83cfc20bc8f2c8f3ab72643ef7ca08e1dc23de0695f508ba0080871956303ac30f92ab865f3e4249d4d65c2f

      • C:\Users\Admin\AppData\Local\Temp\_MEI21722\_ctypes.pyd

        Filesize

        123KB

        MD5

        8adb1345c717e575e6614e163eb62328

        SHA1

        f1ee3fff6e06dc4f22a5eb38c09c54580880e0a3

        SHA256

        65edc348db42347570578b979151b787ceebfc98e0372c28116cc229494a78a8

        SHA512

        0f11673854327fd2fcd12838f54c080edc4d40e4bcb50c413fe3f823056d189636dc661ea79207163f966719bf0815e1ffa75e2fb676df4e56ed6321f1ff6cae

      • C:\Users\Admin\AppData\Local\Temp\_MEI21722\_hashlib.pyd

        Filesize

        45KB

        MD5

        5fa7c9d5e6068718c6010bbeb18fbeb3

        SHA1

        93e8875d6d0f943b4226e25452c2c7d63d22b790

        SHA256

        2e98f91087f56dfdffbbdd951cd55cd7ea771cec93d59cadb86b964ed8708155

        SHA512

        3104aa8b785740dc6a5261c27b2bdc6e14b2f37862fa0fba151b1bc1bfc0e5fb5b6934b95488fa47c5af3fc2b2283f333ff6517b6f8cf0437c52cf171da58bf5

      • C:\Users\Admin\AppData\Local\Temp\_MEI21722\base_library.zip

        Filesize

        128KB

        MD5

        23cf994e3ba4cc9d22af3a66be591b18

        SHA1

        6b260f51b58c97e68d49062cf77a3cd1eeac9272

        SHA256

        b63589089cf0b514318ff982a66d1f470ca4c1784132d40398f9f3a29d4f6a9d

        SHA512

        963daa1f0768661f99edca13e82e8239b41e972d5205d40bf824bdb55b1936d5131125f88f3689980abb397f97b7117f0d66ee1401d3168d4f5036b347a23e55

      • C:\Users\Admin\AppData\Local\Temp\_MEI21722\certifi\cacert.pem

        Filesize

        128KB

        MD5

        18f2aee20e5a68db38f5650fe342a9c8

        SHA1

        f5a8670ce9a300be4a90121a40f4d711d836c83b

        SHA256

        b4b943ecac862996fae22b8638380b840eed4aa1aa1244ea42c780925879ad1a

        SHA512

        43b779736a003b268a30d50e06d0ca4d838a2a99595aaaab75cc8942f363248ae3b93511bb7c85e475be2a54fecef1e7f1a9ae952e67918a8e971bd1a72465ae

      • C:\Users\Admin\AppData\Local\Temp\_MEI21722\libssl-1_1.dll

        Filesize

        448KB

        MD5

        c8b89f7e89d35e56a8b473ae61076d30

        SHA1

        1ff6f464b771a4486c86b16c57d26629c24f5712

        SHA256

        9fa125535fc65df0fe0558dd2cb0fbd479911e4b0cea12c9d8fe44f01d404210

        SHA512

        553a6d0b93cdacac3d8dc3c2e0cd263d6557e76b97e58988134c003bbde343a3232c0d019dccad3d86b7e6be379f3f1a4929d9cbf5cd2b13f0dca1e5044340e7

      • C:\Users\Admin\AppData\Local\Temp\_MEI21722\python38.dll

        Filesize

        448KB

        MD5

        656ca0c58d2b3b5cf552b43add8a6c2e

        SHA1

        cd2149e581b68166d73a9e7cdf26b2a9c466f0b1

        SHA256

        f60cf8c4f320754b8654e3ce2b07fae572df78fba8be145683d0153009f815e7

        SHA512

        d556dc3d9966164e3972cd163657417f060bd960d378a3bc61f5944683867f5b4f2db9bae7cfe434f5cd701d62a9e5c29e1a4ba71e8404dc13cb59b6279fe2e6

      • C:\Users\Admin\AppData\Local\Temp\_MEI21722\unicodedata.pyd

        Filesize

        128KB

        MD5

        b3a3f8bc51776a393fa1ad1e5cc72b3f

        SHA1

        aa63ff92577df2f4c17cba6c6c0979580c4050e6

        SHA256

        bcc5978a40198ff9f3fdb5b709e3f591ee344b038acb0d8cccee789257e41b18

        SHA512

        7690b7091fc467cbc93c01f83c1f189d6c6a8f1af16a9f120bc5d2991c3e7964c9dafd93d0ddb92e8abf43029f7496c21a964bccc340b8de14330170e7d54a2a

      • \Users\Admin\AppData\Local\Temp\_MEI21722\VCRUNTIME140.dll

        Filesize

        99KB

        MD5

        18571d6663b7d9ac95f2821c203e471f

        SHA1

        3c186018df04e875d6b9f83521028a21f145e3be

        SHA256

        0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f

        SHA512

        c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

      • \Users\Admin\AppData\Local\Temp\_MEI21722\_lzma.pyd

        Filesize

        128KB

        MD5

        314e4e27763aa05a45ef45bd0e55eda2

        SHA1

        2e0bf51f3b7ceb740630a736e64dd4de2ab2ba4b

        SHA256

        387308e340cee4367803c62f86083789064f6aee44017627102ab6518755c87b

        SHA512

        e8d9195a70b711ae562ac18a2008b36d03406573a4199f9917015527e430663eab438c70f458ee5baa8b8b8961832150841a31ac26744074d2857985e9ea6cd3

      • \Users\Admin\AppData\Local\Temp\_MEI21722\_queue.pyd

        Filesize

        27KB

        MD5

        1fc2c6b80936efc502bfc30fc24caa56

        SHA1

        4e5b26ff3b225906c2b9e39e0f06126cfc43a257

        SHA256

        9c47a3b84012837c60b7feced86ed0a4f12910a85fd259a4483a48cd940e3514

        SHA512

        d07655d78aca969ccc0d7cedf9e337c7b20082d80be1d90d69c42be933fbab1c828316d2eb5461ded2ff35e52762e249fc0c2bccbc2b8436488fb6a270d3d9ee

      • \Users\Admin\AppData\Local\Temp\_MEI21722\_socket.pyd

        Filesize

        77KB

        MD5

        1d53841bb21acdcc8742828c3aded891

        SHA1

        cdf15d4815820571684c1f720d0cba24129e79c8

        SHA256

        ab13258c6da2c26c4dca7239ff4360ca9166ea8f53bb8cc08d2c7476cab7d61b

        SHA512

        0266bcbcd7ca5f6c9df8dbeea00e1275932dacc38e5dd83a47bfbb87f7ca6778458a6671d8b84a63ae9216a65975da656ba487ac28d41140122f46d0174fa9f9

      • \Users\Admin\AppData\Local\Temp\_MEI21722\_ssl.pyd

        Filesize

        128KB

        MD5

        4e59777bd94763f1cf87df56f553e197

        SHA1

        adcd545714895179fb220076da1daa4c90e56d72

        SHA256

        98e7cf4b521b45f3005523438b4f423486927543eea1c1400732e075769b50cf

        SHA512

        b8b81a4d38888aee62d0655a4e5486fdfea2baa1ad186129d9a184a0a6d6bd5a62bfbc637ca83f2071f71511dd680816f013f10501c84ecfbea6719b7d3534f4

      • \Users\Admin\AppData\Local\Temp\_MEI21722\libcrypto-1_1.dll

        Filesize

        128KB

        MD5

        d54cdcd58ea8c378361ad037854375a3

        SHA1

        0f45b990a0ac80b927219cf3f767d61f76f5fcbe

        SHA256

        b45b8e6137f7100f0e671ae69a14220468dd1ca40c9aeb7c93a93319e6a4ae46

        SHA512

        6a63169fb1537e7301fc7f106ae769dbfbcb13174271577fc8b295dc5a7956d65923f82879c1848a19c7122c16e69f0dd4826d24150344ac2bc705b57d2247ba

      • \Users\Admin\AppData\Local\Temp\_MEI21722\libffi-7.dll

        Filesize

        32KB

        MD5

        eef7981412be8ea459064d3090f4b3aa

        SHA1

        c60da4830ce27afc234b3c3014c583f7f0a5a925

        SHA256

        f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

        SHA512

        dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

      • \Users\Admin\AppData\Local\Temp\_MEI21722\libssl-1_1.dll

        Filesize

        128KB

        MD5

        98fdb19331fc434823edb0abc8e28a94

        SHA1

        96fd0d570066c21637a96254d82e8a50aa9030a2

        SHA256

        82c4f3debbec1a510be109dbf5b348cb6add497436286e1e3decebc2bd852fb4

        SHA512

        be8c64dea2c683e5cce53fc8912afb8a7dbe571e3e08b627d16490fc88ae896d1f94e5ff64feacc9c29bbb560d6cdd5dc26d75558f77c425b26b74c380c05716

      • \Users\Admin\AppData\Local\Temp\_MEI21722\python38.dll

        Filesize

        192KB

        MD5

        738286431604120e1429392304c3504a

        SHA1

        a57444b10d55638c35679ca999332f8e098e9984

        SHA256

        635e03254efaa4dadc436bf23f25a40309466c9d31f96605f84ab0ce80d9252d

        SHA512

        ac0f967ebbf43dc2ecb2bf86b72a40e19a5e808d6b1dda6e9e30c10828916a63c5539fa31c45d6d4a68c3b24198f767e2e677a5e483376156969a2d9331d01d1

      • \Users\Admin\AppData\Local\Temp\_MEI21722\select.pyd

        Filesize

        26KB

        MD5

        a2ab334e18222738dcb05bf820725938

        SHA1

        2f75455a471f95ac814b8e4560a023034480b7b5

        SHA256

        7ba95624370216795ea4a087c326422cfcbccc42b5ada21f4d85c532c71afad7

        SHA512

        72e891d1c7e5ea44a569283b5c8bd8c310f2ee3d3cc9c25c6a7d7d77a62cb301c822c833b0792c3163cf0b0d6272da2f667e6bc74b07ed7946082433f77d9679