Malware Analysis Report

2024-11-15 07:50

Sample ID 240606-enl88ahc29
Target 99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118
SHA256 b1bde404044173c81f469585e38c9cf52cb32f9dd15aa781995045af7bd9910d
Tags pyinstaller
Score 6/10

Analysis Overview

Score 6/10

SHA256 b1bde404044173c81f469585e38c9cf52cb32f9dd15aa781995045af7bd9910d

Threat Level: Shows suspicious behavior

The file 99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118 was classified as "Shows suspicious behavior".

Malicious Activity Summary

pyinstaller

Looks up external IP address via web service

Detects Pyinstaller

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-06 04:05

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-06 04:05

Reported 2024-06-06 04:34

Platform win7-20231129-en

Max time kernel 0s

Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe"

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.ipify.org udp
US 104.26.13.205:443 api.ipify.org tcp
US 8.8.8.8:53 discordapp.com udp
US 162.159.129.233:443 discordapp.com tcp

Files

\Users\Admin\AppData\Local\Temp\_MEI21722\VCRUNTIME140.dll

MD5 18571d6663b7d9ac95f2821c203e471f
SHA1 3c186018df04e875d6b9f83521028a21f145e3be
SHA256 0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f
SHA512 c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

C:\Users\Admin\AppData\Local\Temp\_MEI21722\_ctypes.pyd

MD5 8adb1345c717e575e6614e163eb62328
SHA1 f1ee3fff6e06dc4f22a5eb38c09c54580880e0a3
SHA256 65edc348db42347570578b979151b787ceebfc98e0372c28116cc229494a78a8
SHA512 0f11673854327fd2fcd12838f54c080edc4d40e4bcb50c413fe3f823056d189636dc661ea79207163f966719bf0815e1ffa75e2fb676df4e56ed6321f1ff6cae

\Users\Admin\AppData\Local\Temp\_MEI21722\select.pyd

MD5 a2ab334e18222738dcb05bf820725938
SHA1 2f75455a471f95ac814b8e4560a023034480b7b5
SHA256 7ba95624370216795ea4a087c326422cfcbccc42b5ada21f4d85c532c71afad7
SHA512 72e891d1c7e5ea44a569283b5c8bd8c310f2ee3d3cc9c25c6a7d7d77a62cb301c822c833b0792c3163cf0b0d6272da2f667e6bc74b07ed7946082433f77d9679

C:\Users\Admin\AppData\Local\Temp\_MEI21722\_bz2.pyd

MD5 fc0d862a854993e0e51c00dee3eec777
SHA1 20203332c6f7bd51f6a5acbbc9f677c930d0669d
SHA256 e5de23dbac7ece02566e79b3d1923a8eeae628925c7fb4b98a443cad94a06863
SHA512 b3c2ade15cc196e687e83dd8d21ce88b83c8137a83cfc20bc8f2c8f3ab72643ef7ca08e1dc23de0695f508ba0080871956303ac30f92ab865f3e4249d4d65c2f

C:\Users\Admin\AppData\Local\Temp\_MEI21722\_hashlib.pyd

MD5 5fa7c9d5e6068718c6010bbeb18fbeb3
SHA1 93e8875d6d0f943b4226e25452c2c7d63d22b790
SHA256 2e98f91087f56dfdffbbdd951cd55cd7ea771cec93d59cadb86b964ed8708155
SHA512 3104aa8b785740dc6a5261c27b2bdc6e14b2f37862fa0fba151b1bc1bfc0e5fb5b6934b95488fa47c5af3fc2b2283f333ff6517b6f8cf0437c52cf171da58bf5

C:\Users\Admin\AppData\Local\Temp\_MEI21722\unicodedata.pyd

MD5 b3a3f8bc51776a393fa1ad1e5cc72b3f
SHA1 aa63ff92577df2f4c17cba6c6c0979580c4050e6
SHA256 bcc5978a40198ff9f3fdb5b709e3f591ee344b038acb0d8cccee789257e41b18
SHA512 7690b7091fc467cbc93c01f83c1f189d6c6a8f1af16a9f120bc5d2991c3e7964c9dafd93d0ddb92e8abf43029f7496c21a964bccc340b8de14330170e7d54a2a

C:\Users\Admin\AppData\Local\Temp\_MEI21722\certifi\cacert.pem

MD5 18f2aee20e5a68db38f5650fe342a9c8
SHA1 f5a8670ce9a300be4a90121a40f4d711d836c83b
SHA256 b4b943ecac862996fae22b8638380b840eed4aa1aa1244ea42c780925879ad1a
SHA512 43b779736a003b268a30d50e06d0ca4d838a2a99595aaaab75cc8942f363248ae3b93511bb7c85e475be2a54fecef1e7f1a9ae952e67918a8e971bd1a72465ae

\Users\Admin\AppData\Local\Temp\_MEI21722\_queue.pyd

MD5 1fc2c6b80936efc502bfc30fc24caa56
SHA1 4e5b26ff3b225906c2b9e39e0f06126cfc43a257
SHA256 9c47a3b84012837c60b7feced86ed0a4f12910a85fd259a4483a48cd940e3514
SHA512 d07655d78aca969ccc0d7cedf9e337c7b20082d80be1d90d69c42be933fbab1c828316d2eb5461ded2ff35e52762e249fc0c2bccbc2b8436488fb6a270d3d9ee

\Users\Admin\AppData\Local\Temp\_MEI21722\_lzma.pyd

MD5 314e4e27763aa05a45ef45bd0e55eda2
SHA1 2e0bf51f3b7ceb740630a736e64dd4de2ab2ba4b
SHA256 387308e340cee4367803c62f86083789064f6aee44017627102ab6518755c87b
SHA512 e8d9195a70b711ae562ac18a2008b36d03406573a4199f9917015527e430663eab438c70f458ee5baa8b8b8961832150841a31ac26744074d2857985e9ea6cd3

\Users\Admin\AppData\Local\Temp\_MEI21722\libssl-1_1.dll

MD5 98fdb19331fc434823edb0abc8e28a94
SHA1 96fd0d570066c21637a96254d82e8a50aa9030a2
SHA256 82c4f3debbec1a510be109dbf5b348cb6add497436286e1e3decebc2bd852fb4
SHA512 be8c64dea2c683e5cce53fc8912afb8a7dbe571e3e08b627d16490fc88ae896d1f94e5ff64feacc9c29bbb560d6cdd5dc26d75558f77c425b26b74c380c05716

C:\Users\Admin\AppData\Local\Temp\_MEI21722\libssl-1_1.dll

MD5 c8b89f7e89d35e56a8b473ae61076d30
SHA1 1ff6f464b771a4486c86b16c57d26629c24f5712
SHA256 9fa125535fc65df0fe0558dd2cb0fbd479911e4b0cea12c9d8fe44f01d404210
SHA512 553a6d0b93cdacac3d8dc3c2e0cd263d6557e76b97e58988134c003bbde343a3232c0d019dccad3d86b7e6be379f3f1a4929d9cbf5cd2b13f0dca1e5044340e7

\Users\Admin\AppData\Local\Temp\_MEI21722\libcrypto-1_1.dll

MD5 d54cdcd58ea8c378361ad037854375a3
SHA1 0f45b990a0ac80b927219cf3f767d61f76f5fcbe
SHA256 b45b8e6137f7100f0e671ae69a14220468dd1ca40c9aeb7c93a93319e6a4ae46
SHA512 6a63169fb1537e7301fc7f106ae769dbfbcb13174271577fc8b295dc5a7956d65923f82879c1848a19c7122c16e69f0dd4826d24150344ac2bc705b57d2247ba

\Users\Admin\AppData\Local\Temp\_MEI21722\_ssl.pyd

MD5 4e59777bd94763f1cf87df56f553e197
SHA1 adcd545714895179fb220076da1daa4c90e56d72
SHA256 98e7cf4b521b45f3005523438b4f423486927543eea1c1400732e075769b50cf
SHA512 b8b81a4d38888aee62d0655a4e5486fdfea2baa1ad186129d9a184a0a6d6bd5a62bfbc637ca83f2071f71511dd680816f013f10501c84ecfbea6719b7d3534f4

\Users\Admin\AppData\Local\Temp\_MEI21722\_socket.pyd

MD5 1d53841bb21acdcc8742828c3aded891
SHA1 cdf15d4815820571684c1f720d0cba24129e79c8
SHA256 ab13258c6da2c26c4dca7239ff4360ca9166ea8f53bb8cc08d2c7476cab7d61b
SHA512 0266bcbcd7ca5f6c9df8dbeea00e1275932dacc38e5dd83a47bfbb87f7ca6778458a6671d8b84a63ae9216a65975da656ba487ac28d41140122f46d0174fa9f9

\Users\Admin\AppData\Local\Temp\_MEI21722\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI21722\base_library.zip

MD5 23cf994e3ba4cc9d22af3a66be591b18
SHA1 6b260f51b58c97e68d49062cf77a3cd1eeac9272
SHA256 b63589089cf0b514318ff982a66d1f470ca4c1784132d40398f9f3a29d4f6a9d
SHA512 963daa1f0768661f99edca13e82e8239b41e972d5205d40bf824bdb55b1936d5131125f88f3689980abb397f97b7117f0d66ee1401d3168d4f5036b347a23e55

\Users\Admin\AppData\Local\Temp\_MEI21722\python38.dll

MD5 738286431604120e1429392304c3504a
SHA1 a57444b10d55638c35679ca999332f8e098e9984
SHA256 635e03254efaa4dadc436bf23f25a40309466c9d31f96605f84ab0ce80d9252d
SHA512 ac0f967ebbf43dc2ecb2bf86b72a40e19a5e808d6b1dda6e9e30c10828916a63c5539fa31c45d6d4a68c3b24198f767e2e677a5e483376156969a2d9331d01d1

C:\Users\Admin\AppData\Local\Temp\_MEI21722\python38.dll

MD5 656ca0c58d2b3b5cf552b43add8a6c2e
SHA1 cd2149e581b68166d73a9e7cdf26b2a9c466f0b1
SHA256 f60cf8c4f320754b8654e3ce2b07fae572df78fba8be145683d0153009f815e7
SHA512 d556dc3d9966164e3972cd163657417f060bd960d378a3bc61f5944683867f5b4f2db9bae7cfe434f5cd701d62a9e5c29e1a4ba71e8404dc13cb59b6279fe2e6

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-06 04:05

Reported 2024-06-06 04:34

Platform win10v2004-20240426-en

Max time kernel 1s

Max time network 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe"

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\99ed70c894f5c6ed27fed79d75d023fe_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 api.ipify.org udp
US 172.67.74.152:443 api.ipify.org tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 discordapp.com udp
US 162.159.129.233:443 discordapp.com tcp
US 8.8.8.8:53 152.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI27482\python38.dll

MD5 27a4be239540dc97c90e963e82b2b1dd
SHA1 afe3a3d520e178a39ee6a39958b90bc5aa48f636
SHA256 44f59a18c12192289db4135c3c467776da6a2b728df3dbd17b269c6526870097
SHA512 78898219140c269e182267fd72cc5d66794b96159f2285dd220b423f885c7c2f22a832aa7dbd5db400f749eae3dd25487e9387dd2fab00d3f2df9092233193e5

C:\Users\Admin\AppData\Local\Temp\_MEI27482\VCRUNTIME140.dll

MD5 18571d6663b7d9ac95f2821c203e471f
SHA1 3c186018df04e875d6b9f83521028a21f145e3be
SHA256 0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f
SHA512 c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

C:\Users\Admin\AppData\Local\Temp\_MEI27482\base_library.zip

MD5 5d056dfde421c87a84a716767d601536
SHA1 e509010843f69f94a2ac0e70984d472273c052a0
SHA256 dbb25670cbe62b0e8cd0963eef5ee4b96028aed3eb5b2bf407a01c39ec8743ad
SHA512 765270eef8eac595836a2f14cb9a6dd45f300224f5d834c4c947756bb0c32b5d19068ef5d2e2d42cc76c4d14be8b00a17db5b2c61e668241685e35a32c08dac2

C:\Users\Admin\AppData\Local\Temp\_MEI27482\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI27482\libcrypto-1_1.dll

MD5 cc4cbf715966cdcad95a1e6c95592b3d
SHA1 d5873fea9c084bcc753d1c93b2d0716257bea7c3
SHA256 594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1
SHA512 3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

C:\Users\Admin\AppData\Local\Temp\_MEI27482\_queue.pyd

MD5 1fc2c6b80936efc502bfc30fc24caa56
SHA1 4e5b26ff3b225906c2b9e39e0f06126cfc43a257
SHA256 9c47a3b84012837c60b7feced86ed0a4f12910a85fd259a4483a48cd940e3514
SHA512 d07655d78aca969ccc0d7cedf9e337c7b20082d80be1d90d69c42be933fbab1c828316d2eb5461ded2ff35e52762e249fc0c2bccbc2b8436488fb6a270d3d9ee

C:\Users\Admin\AppData\Local\Temp\_MEI27482\unicodedata.pyd

MD5 549c9eeda8546cd32d0713c723abd12a
SHA1 f84b2c529cff58b888cc99f566fcd2eba6ff2b8e
SHA256 5d5e733397ef7c4946cf26c84b07312cb12eaf339374613d4381e694ef38169b
SHA512 9432daf045bac3e322b1797f49afe50f76faf8b7d8db063a1d56578016c813881af3324e2529032a8644a04b58ccc9d2c363bf92b56115f06b9eefebfab08180

C:\Users\Admin\AppData\Local\Temp\_MEI27482\certifi\cacert.pem

MD5 c760591283d5a4a987ad646b35de3717
SHA1 5d10cbd25ac1c7ced5bfb3d6f185fa150f6ea134
SHA256 1a14f6e1fd11efff72e1863f8645f090eec1b616614460c210c3b7e3c13d4b5e
SHA512 c192ae381008eaf180782e6e40cd51834e0233e98942bd071768308e179f58f3530e6e883f245a2630c86923dbeb68b624c5ec2167040d749813fedc37a6d1e6

C:\Users\Admin\AppData\Local\Temp\_MEI27482\_hashlib.pyd

MD5 5fa7c9d5e6068718c6010bbeb18fbeb3
SHA1 93e8875d6d0f943b4226e25452c2c7d63d22b790
SHA256 2e98f91087f56dfdffbbdd951cd55cd7ea771cec93d59cadb86b964ed8708155
SHA512 3104aa8b785740dc6a5261c27b2bdc6e14b2f37862fa0fba151b1bc1bfc0e5fb5b6934b95488fa47c5af3fc2b2283f333ff6517b6f8cf0437c52cf171da58bf5

C:\Users\Admin\AppData\Local\Temp\_MEI27482\_lzma.pyd

MD5 60e215bb78fb9a40352980f4de818814
SHA1 ff750858c3352081514e2ae0d200f3b8c3d40096
SHA256 c4d00582dee45841747b07b91a3e46e55af79e6518ec9f0ce59b989c0acd2806
SHA512 398a441de98963873417da6352413d080620faf2ae4b99425d7c9eaf96d5f2fdf1358e21f16870bdff514452115266a58ee3c6783611f037957bfa4bcec34230

C:\Users\Admin\AppData\Local\Temp\_MEI27482\_bz2.pyd

MD5 fc0d862a854993e0e51c00dee3eec777
SHA1 20203332c6f7bd51f6a5acbbc9f677c930d0669d
SHA256 e5de23dbac7ece02566e79b3d1923a8eeae628925c7fb4b98a443cad94a06863
SHA512 b3c2ade15cc196e687e83dd8d21ce88b83c8137a83cfc20bc8f2c8f3ab72643ef7ca08e1dc23de0695f508ba0080871956303ac30f92ab865f3e4249d4d65c2f

C:\Users\Admin\AppData\Local\Temp\_MEI27482\libssl-1_1.dll

MD5 bc778f33480148efa5d62b2ec85aaa7d
SHA1 b1ec87cbd8bc4398c6ebb26549961c8aab53d855
SHA256 9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843
SHA512 80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

C:\Users\Admin\AppData\Local\Temp\_MEI27482\_ssl.pyd

MD5 84dea8d0acce4a707b094a3627b62eab
SHA1 d45dda99466ab08cc922e828729d0840ae2ddc18
SHA256 dcf6b3ff84b55c3859d0f176c4ce6904c0d7d4643a657b817c6322933dbf82f6
SHA512 fdaa7eb10f8bf7b42a5c9691f600eff48190041a8b28a5dab977170db717fff58dd0f64b02ca30d274552ff30ee02a6577f1465792cf6760366c2588bf373108

C:\Users\Admin\AppData\Local\Temp\_MEI27482\select.pyd

MD5 a2ab334e18222738dcb05bf820725938
SHA1 2f75455a471f95ac814b8e4560a023034480b7b5
SHA256 7ba95624370216795ea4a087c326422cfcbccc42b5ada21f4d85c532c71afad7
SHA512 72e891d1c7e5ea44a569283b5c8bd8c310f2ee3d3cc9c25c6a7d7d77a62cb301c822c833b0792c3163cf0b0d6272da2f667e6bc74b07ed7946082433f77d9679

C:\Users\Admin\AppData\Local\Temp\_MEI27482\_socket.pyd

MD5 1d53841bb21acdcc8742828c3aded891
SHA1 cdf15d4815820571684c1f720d0cba24129e79c8
SHA256 ab13258c6da2c26c4dca7239ff4360ca9166ea8f53bb8cc08d2c7476cab7d61b
SHA512 0266bcbcd7ca5f6c9df8dbeea00e1275932dacc38e5dd83a47bfbb87f7ca6778458a6671d8b84a63ae9216a65975da656ba487ac28d41140122f46d0174fa9f9

C:\Users\Admin\AppData\Local\Temp\_MEI27482\_ctypes.pyd

MD5 8adb1345c717e575e6614e163eb62328
SHA1 f1ee3fff6e06dc4f22a5eb38c09c54580880e0a3
SHA256 65edc348db42347570578b979151b787ceebfc98e0372c28116cc229494a78a8
SHA512 0f11673854327fd2fcd12838f54c080edc4d40e4bcb50c413fe3f823056d189636dc661ea79207163f966719bf0815e1ffa75e2fb676df4e56ed6321f1ff6cae

C:\Users\Admin\AppData\Local\Temp\_MEI27482\python38.dll

MD5 a3e17bf41b447cc4d71b529addfe0002
SHA1 be136843714e7c0cf8ecfe1372ad49fa47d7efa2
SHA256 8e7e8142666583e547bc0832e44df5e13d4f0a459c8866be90f7656eef034ac3
SHA512 e5fa4d52d44cec760bde56ae1def18bcd916a533b1b8cde87ef15b8587eb472934e3d92713797da817572ac0688adf7b43da78747211a9382e46f8a7654b7967