Analysis

  • max time kernel: 145s
  • max time network: 149s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 26/06/2024, 15:01

General

  • Target: 1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe
  • Size: 11.7MB
  • MD5: 1263d2b17af917e0cafc16054004eac3
  • SHA1: 1fdbdebb1fa92102fd8abc2648030a0027cbcef3
  • SHA256: 588648051c60c353b5541b78d13a94a09802d3d332cf5aaf57b4aaf5c02559fa
  • SHA512: a54ee8a30ad306c0aea963ed09a4598100b3803af7fa09e011b65e255ca8e6cf1b3a1f7796c50c5461b890502c2e101bb6b11174612497c51549169c0aa46ac1
  • SSDEEP: 196608:a+eIunHm269onJ5hrZERdW3q+09iq2pPeAyiU8AdZYJERBrTWjnDNhdHqb6R6A:VunG269c5hlERblh2pvAdZYyDrynDNp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (17 IoCs)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe"
    PID: 4468 (depth 1)
    • Suspicious use of WriteProcessMemory
    • Child: C:\Users\Admin\AppData\Local\Temp\1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe"
      PID: 4848 (depth 2)
      • Loads dropped DLL

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\VCRUNTIME140.dll
    Filesize: 99KB
    MD5: 8697c106593e93c11adc34faa483c4a0
    SHA1: cd080c51a97aa288ce6394d6c029c06ccb783790
    SHA256: ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833
    SHA512: 724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\_bz2.pyd
    Filesize: 83KB
    MD5: 6c7565c1efffe44cb0616f5b34faa628
    SHA1: 88dd24807da6b6918945201c74467ca75e155b99
    SHA256: fe63361f6c439c6aa26fd795af3fd805ff5b60b3b14f9b8c60c50a8f3449060a
    SHA512: 822445c52bb71c884461230bb163ec5dee0ad2c46d42d01cf012447f2c158865653f86a933b52afdf583043b3bf8ba7011cc782f14197220d0325e409aa16e22

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\_cffi_backend.cp39-win_amd64.pyd
    Filesize: 178KB
    MD5: f5bf6a2926c1106cc6b72dca1157e04f
    SHA1: 58875e55b42def38bb748c5f70cd37ae93d44ef2
    SHA256: 3d3aeb22fd97a8bd2fee53412ce43466c76f22a1fd918b769ab6a58bf859d5a2
    SHA512: 95610daabc3c150f606184feb66459e30a3a0b509a7adf40806601d83e821c5d5f5afc2af8d0eb1cad92cabf6d3aff21c9a35094fba1cfa8faed5293a8f2c986

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\_ctypes.pyd
    Filesize: 122KB
    MD5: 29da9b022c16da461392795951ce32d9
    SHA1: 0e514a8f88395b50e797d481cbbed2b4ae490c19
    SHA256: 3b4012343ef7a266db0b077bbb239833779192840d1e2c43dfcbc48ffd4c5372
    SHA512: 5c7d83823f1922734625cf69a481928a5c47b6a3bceb7f24c9197175665b2e06bd1cfd745c55d1c5fe1572f2d8da2a1dcc1c1f5de0903477bb927aca22ecb26a

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\_lzma.pyd
    Filesize: 157KB
    MD5: b5355dd319fb3c122bb7bf4598ad7570
    SHA1: d7688576eceadc584388a179eed3155716c26ef5
    SHA256: b9bc7f1d8aa8498cb8b5dc75bb0dbb6e721b48953a3f295870938b27267fb5f5
    SHA512: 0e228aa84b37b4ba587f6d498cef85aa1ffec470a5c683101a23d13955a8110e1c0c614d3e74fb0aa2a181b852bceeec0461546d0de8bcbd3c58cf9dc0fb26f5

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\_queue.pyd
    Filesize: 27KB
    MD5: 4ab2ceb88276eba7e41628387eacb41e
    SHA1: 58f7963ba11e1d3942414ef6dab3300a33c8a2bd
    SHA256: d82ab111224c54bab3eefdcfeb3ba406d74d2884518c5a2e9174e5c6101bd839
    SHA512: b0d131e356ce35e603acf0168e540c89f600ba2ab2099ccf212e0b295c609702ac4a7b0a7dbc79f46eda50e7ea2cf09917832345dd8562d916d118aba2fa3888

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\_socket.pyd
    Filesize: 77KB
    MD5: f5dd9c5922a362321978c197d3713046
    SHA1: 4fbc2d3e15f8bb21ecc1bf492f451475204426cd
    SHA256: 4494992665305fc9401ed327398ee40064fe26342fe44df11d89d2ac1cc6f626
    SHA512: ce818113bb87c6e38fa85156548c6f207aaab01db311a6d8c63c6d900d607d7beff73e64d717f08388ece4b88bf8b95b71911109082cf4b0c0a9b0663b9a8e99

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\base_library.zip
    Filesize: 767KB
    MD5: b885535007f6a62ce17401e6d6605121
    SHA1: 2eff535379685dd3889ee75c88952b5882fb346e
    SHA256: 57272e17d4d092b5777e6fec87d792c45a2affaa791e8676b064d793d580d5f3
    SHA512: c227cc8f131b01ac6dce1b3bfd01a56e24ea8ac4dd38a1da3619d92bd9b24d100f5e8812c6d5cbfe5beaf28b425147ef16bf150ae8a01ddc710a49f81d376718

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\cryptography\hazmat\bindings\_padding.pyd
    Filesize: 13KB
    MD5: 6367c1887237fec67b88bb37b90ac8b2
    SHA1: cdcdfaa67d69636082a4eafdc2cc3346fe3c6267
    SHA256: 28a496d00b1f388558b56defa8ebb3db629f01a6ef669782754a7a96cb5a2980
    SHA512: 199dd521daae09c0ceb69dd7b58487294f173b017fcadf5d6121736cc45ee61579fe2f4fbd99c40e3428be55f53846e13bc2622ed61bf35d5d9ca1fd26f29ca0

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\libffi-7.dll
    Filesize: 32KB
    MD5: eef7981412be8ea459064d3090f4b3aa
    SHA1: c60da4830ce27afc234b3c3014c583f7f0a5a925
    SHA256: f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
    SHA512: dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\python3.DLL
    Filesize: 57KB
    MD5: 3c88de1ebd52e9fcb46dc44d8a123579
    SHA1: 7d48519d2a19cac871277d9b63a3ea094fbbb3d9
    SHA256: 2b22b6d576118c5ae98f13b75b4ace47ab0c1f4cd3ff098c6aee23a8a99b9a8c
    SHA512: 1e55c9f7ac5acf3f7262fa2f3c509ee0875520bb05d65cd68b90671ac70e8c99bce99433b02055c07825285004d4c5915744f17eccfac9b25e0f7cd1bee9e6d3

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\python39.dll
    Filesize: 4.3MB
    MD5: 11c051f93c922d6b6b4829772f27a5be
    SHA1: 42fbdf3403a4bc3d46d348ca37a9f835e073d440
    SHA256: 0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c
    SHA512: 1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\pythoncom39.dll
    Filesize: 543KB
    MD5: 778867d6c0fff726a86dc079e08c4449
    SHA1: 45f9b20f4bf27fc3df9fa0d891ca6d37da4add84
    SHA256: 5dfd4ad6ed4cee8f9eda2e39fe4da2843630089549c47c7adda8a3c74662698a
    SHA512: 5865cb730aa90c9ac95702396e5c9f32a80ff3a7720e16d64010583387b6dbd76d30426f77ab96ecb0e79d62262e211a4d08eae28109cd21846d51ed4256b8ea

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\pywintypes39.dll
    Filesize: 137KB
    MD5: 72511a9c3a320bcdbeff9bedcf21450f
    SHA1: 7a7af481fecbaf144ae67127e334b88f1a2c1562
    SHA256: c06a570b160d5fd8030b8c7ccba64ce8a18413cb4f11be11982756aa4a2b6a80
    SHA512: 0d1682bb2637834bd8cf1909ca8dbeff0ea0da39687a97b5ef3d699210dc536d5a49a4f5ff9097cabd8eb65d8694e02572ff0fdabd8b186a3c45cd66f23df868

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\select.pyd
    Filesize: 26KB
    MD5: 7a442bbcc4b7aa02c762321f39487ba9
    SHA1: 0fcb5bbdd0c3d3c5943e557cc2a5b43e20655b83
    SHA256: 1dd7bba480e65802657c31e6d20b1346d11bca2192575b45eb9760a4feb468ad
    SHA512: 3433c46c7603ae0a73aa9a863b2aecd810f8c0cc6c2cd96c71ef6bde64c275e0fceb4ea138e46a5c9bf72f66dcdea3e9551cf2103188a1e98a92d8140879b34c

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\unicodedata.pyd
    Filesize: 1.1MB
    MD5: 8320c54418d77eba5d4553a5d6ec27f9
    SHA1: e5123cf166229aebb076b469459856a56fb16d7f
    SHA256: 7e719ba47919b668acc62008079c586133966ed8b39fec18e312a773cb89edae
    SHA512: b9e6cdcb37d26ff9c573381bda30fa4cf1730361025cd502b67288c55744962bdd0a99790cedd4a48feef3139e3903265ab112ec545cb1154eaa2a91201f6b34

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\win32api.pyd
    Filesize: 131KB
    MD5: 99a3fc100cd43ad8d4bf9a2975a2192f
    SHA1: cf37b7e17e51e7823b82b77c88145312df5b78cc
    SHA256: 1665ad12ad7cbf44ae63a622e8b97b5fd2ed0a092dfc5db8f09a9b6fdc2d57e7
    SHA512: c0a60d5333925ce306ceb2eb38e13c6bae60d2663d70c37ecfc81b7346d12d9346550cb229d7c4f58d04dd182536d799e6eff77996d712fc177b1f5af7f4a4f2

  • C:\Users\Admin\AppData\Local\Temp\_MEI44682\win32event.pyd
    Filesize: 26KB
    MD5: 9075789a18d8840a5c440e0226be7405
    SHA1: 60c04fc2f6f82328c552b0460e3567c91554ee2c
    SHA256: bf12821fec798cfde4010551e3be4f9aa07d7facb1253c32357bbfa43ed80d8d
    SHA512: 24ef97ac9d3b25db16dd3eaa185edc58a43e75dd729c31615c0fa7aa09cc05c61d93297a343f35b24548eb3b0631fb79201c0ea8f36503b5994ad1cdbcf9319c