Analysis

  • max time kernel: 1s
  • max time network: 152s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 06-06-2024 04:05

General

  • Target: 99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe
  • Size: 10.0MB
  • MD5: 99ed70c894f5c6ed27fed79d75d023fe
  • SHA1: 81a06006db50c1eadcf6c10616dcda5e5bf5935e
  • SHA256: b1bde404044173c81f469585e38c9cf52cb32f9dd15aa781995045af7bd9910d
  • SHA512: cac1b560e6054cfdefc93c433365d74d3713c918809aeaa83106537c5eb9695be24291792543762cfdcb43fcc70066f3ce716fe0293005cb1130f4c201b70612
  • SSDEEP: 196608:d+xLg39onJ5hrZERVM+ENFJzFcguY48RmU/3ZlsPv+W25DT558Cx+clYtgFVR4/i:4S9c5hlERVMRFJzFcguYtN3ZW7YP+cl0

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe"
    PID: 2748
      • C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe (child process)
        "C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe"
        PID: 3584

      Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\VCRUNTIME140.dll
    Filesize: 99KB
    MD5: 18571d6663b7d9ac95f2821c203e471f
    SHA1: 3c186018df04e875d6b9f83521028a21f145e3be
    SHA256: 0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f
    SHA512: c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\_bz2.pyd
    Filesize: 84KB
    MD5: fc0d862a854993e0e51c00dee3eec777
    SHA1: 20203332c6f7bd51f6a5acbbc9f677c930d0669d
    SHA256: e5de23dbac7ece02566e79b3d1923a8eeae628925c7fb4b98a443cad94a06863
    SHA512: b3c2ade15cc196e687e83dd8d21ce88b83c8137a83cfc20bc8f2c8f3ab72643ef7ca08e1dc23de0695f508ba0080871956303ac30f92ab865f3e4249d4d65c2f

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\_ctypes.pyd
    Filesize: 123KB
    MD5: 8adb1345c717e575e6614e163eb62328
    SHA1: f1ee3fff6e06dc4f22a5eb38c09c54580880e0a3
    SHA256: 65edc348db42347570578b979151b787ceebfc98e0372c28116cc229494a78a8
    SHA512: 0f11673854327fd2fcd12838f54c080edc4d40e4bcb50c413fe3f823056d189636dc661ea79207163f966719bf0815e1ffa75e2fb676df4e56ed6321f1ff6cae

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\_hashlib.pyd
    Filesize: 45KB
    MD5: 5fa7c9d5e6068718c6010bbeb18fbeb3
    SHA1: 93e8875d6d0f943b4226e25452c2c7d63d22b790
    SHA256: 2e98f91087f56dfdffbbdd951cd55cd7ea771cec93d59cadb86b964ed8708155
    SHA512: 3104aa8b785740dc6a5261c27b2bdc6e14b2f37862fa0fba151b1bc1bfc0e5fb5b6934b95488fa47c5af3fc2b2283f333ff6517b6f8cf0437c52cf171da58bf5

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\_lzma.pyd
    Filesize: 158KB
    MD5: 60e215bb78fb9a40352980f4de818814
    SHA1: ff750858c3352081514e2ae0d200f3b8c3d40096
    SHA256: c4d00582dee45841747b07b91a3e46e55af79e6518ec9f0ce59b989c0acd2806
    SHA512: 398a441de98963873417da6352413d080620faf2ae4b99425d7c9eaf96d5f2fdf1358e21f16870bdff514452115266a58ee3c6783611f037957bfa4bcec34230

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\_queue.pyd
    Filesize: 27KB
    MD5: 1fc2c6b80936efc502bfc30fc24caa56
    SHA1: 4e5b26ff3b225906c2b9e39e0f06126cfc43a257
    SHA256: 9c47a3b84012837c60b7feced86ed0a4f12910a85fd259a4483a48cd940e3514
    SHA512: d07655d78aca969ccc0d7cedf9e337c7b20082d80be1d90d69c42be933fbab1c828316d2eb5461ded2ff35e52762e249fc0c2bccbc2b8436488fb6a270d3d9ee

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\_socket.pyd
    Filesize: 77KB
    MD5: 1d53841bb21acdcc8742828c3aded891
    SHA1: cdf15d4815820571684c1f720d0cba24129e79c8
    SHA256: ab13258c6da2c26c4dca7239ff4360ca9166ea8f53bb8cc08d2c7476cab7d61b
    SHA512: 0266bcbcd7ca5f6c9df8dbeea00e1275932dacc38e5dd83a47bfbb87f7ca6778458a6671d8b84a63ae9216a65975da656ba487ac28d41140122f46d0174fa9f9

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\_ssl.pyd
    Filesize: 150KB
    MD5: 84dea8d0acce4a707b094a3627b62eab
    SHA1: d45dda99466ab08cc922e828729d0840ae2ddc18
    SHA256: dcf6b3ff84b55c3859d0f176c4ce6904c0d7d4643a657b817c6322933dbf82f6
    SHA512: fdaa7eb10f8bf7b42a5c9691f600eff48190041a8b28a5dab977170db717fff58dd0f64b02ca30d274552ff30ee02a6577f1465792cf6760366c2588bf373108

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\base_library.zip
    Filesize: 761KB
    MD5: 5d056dfde421c87a84a716767d601536
    SHA1: e509010843f69f94a2ac0e70984d472273c052a0
    SHA256: dbb25670cbe62b0e8cd0963eef5ee4b96028aed3eb5b2bf407a01c39ec8743ad
    SHA512: 765270eef8eac595836a2f14cb9a6dd45f300224f5d834c4c947756bb0c32b5d19068ef5d2e2d42cc76c4d14be8b00a17db5b2c61e668241685e35a32c08dac2

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\certifi\cacert.pem
    Filesize: 275KB
    MD5: c760591283d5a4a987ad646b35de3717
    SHA1: 5d10cbd25ac1c7ced5bfb3d6f185fa150f6ea134
    SHA256: 1a14f6e1fd11efff72e1863f8645f090eec1b616614460c210c3b7e3c13d4b5e
    SHA512: c192ae381008eaf180782e6e40cd51834e0233e98942bd071768308e179f58f3530e6e883f245a2630c86923dbeb68b624c5ec2167040d749813fedc37a6d1e6

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\libcrypto-1_1.dll
    Filesize: 3.2MB
    MD5: cc4cbf715966cdcad95a1e6c95592b3d
    SHA1: d5873fea9c084bcc753d1c93b2d0716257bea7c3
    SHA256: 594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1
    SHA512: 3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\libffi-7.dll
    Filesize: 32KB
    MD5: eef7981412be8ea459064d3090f4b3aa
    SHA1: c60da4830ce27afc234b3c3014c583f7f0a5a925
    SHA256: f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
    SHA512: dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\libssl-1_1.dll
    Filesize: 673KB
    MD5: bc778f33480148efa5d62b2ec85aaa7d
    SHA1: b1ec87cbd8bc4398c6ebb26549961c8aab53d855
    SHA256: 9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843
    SHA512: 80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\python38.dll
    Filesize: 3.6MB
    MD5: a3e17bf41b447cc4d71b529addfe0002
    SHA1: be136843714e7c0cf8ecfe1372ad49fa47d7efa2
    SHA256: 8e7e8142666583e547bc0832e44df5e13d4f0a459c8866be90f7656eef034ac3
    SHA512: e5fa4d52d44cec760bde56ae1def18bcd916a533b1b8cde87ef15b8587eb472934e3d92713797da817572ac0688adf7b43da78747211a9382e46f8a7654b7967

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\python38.dll
    Filesize: 3.4MB
    MD5: 27a4be239540dc97c90e963e82b2b1dd
    SHA1: afe3a3d520e178a39ee6a39958b90bc5aa48f636
    SHA256: 44f59a18c12192289db4135c3c467776da6a2b728df3dbd17b269c6526870097
    SHA512: 78898219140c269e182267fd72cc5d66794b96159f2285dd220b423f885c7c2f22a832aa7dbd5db400f749eae3dd25487e9387dd2fab00d3f2df9092233193e5

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\select.pyd
    Filesize: 26KB
    MD5: a2ab334e18222738dcb05bf820725938
    SHA1: 2f75455a471f95ac814b8e4560a023034480b7b5
    SHA256: 7ba95624370216795ea4a087c326422cfcbccc42b5ada21f4d85c532c71afad7
    SHA512: 72e891d1c7e5ea44a569283b5c8bd8c310f2ee3d3cc9c25c6a7d7d77a62cb301c822c833b0792c3163cf0b0d6272da2f667e6bc74b07ed7946082433f77d9679

  • C:\Users\Admin\AppData\Local\Temp\_MEI27482\unicodedata.pyd
    Filesize: 1.0MB
    MD5: 549c9eeda8546cd32d0713c723abd12a
    SHA1: f84b2c529cff58b888cc99f566fcd2eba6ff2b8e
    SHA256: 5d5e733397ef7c4946cf26c84b07312cb12eaf339374613d4381e694ef38169b
    SHA512: 9432daf045bac3e322b1797f49afe50f76faf8b7d8db063a1d56578016c813881af3324e2529032a8644a04b58ccc9d2c363bf92b56115f06b9eefebfab08180