ab362df48a7966b449c5688ea93dc0c21e93d928c8829a10a303ba3addb1d46b

General

Target

9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
Size

5.5MB
MD5

9dc83c7bcb99df1367a89c65b1279ab2
SHA1

29f9d25e0afbffe2abfbaf8ae7c80366d8b80728
SHA256

ab362df48a7966b449c5688ea93dc0c21e93d928c8829a10a303ba3addb1d46b
SHA512

2aed965822aaf1a92e261aa0941da695a1ebcb6a30e0d5a7611f8d10328fec9631f2e77fbe250190b809742e50035093e3df3025fe39be6342ab542f1b0b8581
SSDEEP

98304:CIBxPDCqpGyZOVEswiAYGhcM8fF2DDJv1I2vPP7+1uI6sQ9o:JZzMyGPu3OR92PE2vNNsQ9

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
496	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
496	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
496	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
496	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
496	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
496	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
496	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
496	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
496	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
496	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 496	2648	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe	91
PID 2648 wrote to memory of 496	2648	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe	91
PID 2648 wrote to memory of 496	2648	9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  PID:496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1344 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26482\libeay32.DLL

Filesize
1008KB

MD5
8f4b9a23a0175fefe8388042ac2b7efa

SHA1
6355d112ceb46d67b713e803ee3d86b11862e301

SHA256
4b38afd7a45dfdaadb115657854974c6465d107bf94ef815757dff22dc74e16b

SHA512
57f0287db9b4ce4a5321cf12861f75904b73f9d76015f709ee6578b15125abbc0ffab399b367d6a20883394de0ad9d993e565f32eb25900f41fccfd8ff1cc87a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26482\python27.dll

Filesize
2.3MB

MD5
1f6a3e2a68eec142bdcc20dc27da7518

SHA1
fba21b6b0e69232ed71e01b3ef7639691ca8cf2e

SHA256
488fb259c0acda09b93cf95f56d51a17cf16fa2d83dd19a4a4b74a528711a8c0

SHA512
e879094624bb1df152b804956fda151605a605c7ae7506e5d963797f61abd97160b3ffdc328b030354216ebc218a59e75f9a48b0b483c253dd51f2a1aa26503b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26482\www-private-key-1S.exe.manifest

Filesize
1KB

MD5
8aa855778998f254ac52cb3635d8b129

SHA1
1c72c3516e391f9008837884bfe786e7797537ea

SHA256
2f535afec1d75476fe044bcf2ce34816e9e26587686fea4e88c53fa79f70e1d8

SHA512
b5e9402111ba14eae65e50489fce80e53389aceeecfded59900fe42af90d68c3b98de97189b86464085870825ce2d6e3bf7596981907cb4011fb62ae0d3e3165

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_ctypes.pyd

Filesize
72KB

MD5
f9982f8b1176597b81ed1285d1616ce7

SHA1
7cf74cce8b20adeeff83e29eacc028bdf2d7c18a

SHA256
d14315cf03aa7d96b714bfc13f7990ec245d205e4a5f9f002d2805e369199239

SHA512
cd3339dc69ff918d3e4db2ae219ff7df58f18a151f088fa051b4cdf48e4cfd6569a9ca9e414708818004de7d0cb3cea64fa2ee4c0a1f6b832d86229446e22153

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_hashlib.pyd

Filesize
278KB

MD5
199bde23ef347dbccc6bf5a112b43c93

SHA1
ba98ef27c64eb858ac7c3ae6ff1dece53094e753

SHA256
6f8a2f7fe1a702521706fcbe82592ac24e8c897f5bf47f798122dbd0b109c2a6

SHA512
dd92d4ad8bda852cfc4b1823d9371c10b5af3ad4057af3269d88ecb70bcd2600807252305ae647ff646f3080ac1e71e918a9ab623ba16fe7b73462238facc9cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_socket.pyd

Filesize
40KB

MD5
07789a8c23bcebe32f8bfd4ce4af5ffb

SHA1
132d7ad9d2a7c3ff51b246fd14f0a4f738d68e10

SHA256
235cc97584c3d31e5f3146121f64699d30cf372a86868ea755a9a0afa6c56144

SHA512
d461d8313c285e568ce44c08d1af7c54aafae0d1e8235109d5d71f6baffe8f677ae3202590cf33ab34625ac87285c7dc4c1df2e2181acd4b998309d23e12fd3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_ssl.pyd

Filesize
1.3MB

MD5
d0e36d53cbcea2ac559fec2c596f5b06

SHA1
8abe0c059ef3403d067a49cf8abcb883c7f113ec

SHA256
ae14e8d2ac9adbbb1c1d2a8001a017ba577663322fe7606c22bc0081d2764bc9

SHA512
6cc4a3ede744f81a8e619ee919dfc25e3d16bdcdcf25ec49699d9c1b5511e29d88c67bb7f6936363960838a73e4417668fe6a18220bf777baf174bb8278b69be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26~1\pycurl.pyd

Filesize
2.1MB

MD5
c4479ced36eeaf704bab58b2f8516880

SHA1
08879f664fa446dbbdc906ff6d2f2bb12423b56c

SHA256
671ce7c20a9df78c88d0f9932484f0f076b151452ad331ea5d60ee966ca36e12

SHA512
f7ca5edcc340ccf3d892d8ea13c9dc05d088023a31fd7c73f54555ce72b6de4d4f5cc928d7538ba5028c99760d879aef266708368576a5fef7ec5cd31f4a3ec6

Download Submit
memory/496-31-0x0000000001660000-0x000000000166C000-memory.dmp

Filesize
48KB

Download
memory/496-35-0x0000000003780000-0x00000000039A9000-memory.dmp

Filesize
2.2MB

Download
memory/496-40-0x0000000003AF0000-0x0000000003BF2000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads