d286e700a121c53f474fd69f6cd4a754048c08eb7f306f5696127a502c536eee

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 18:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
Size

5.9MB
MD5

2346ce6686cd7fb037ff07b11712fb01
SHA1

759e24f86d65015bbc61127dca9978436e246859
SHA256

d286e700a121c53f474fd69f6cd4a754048c08eb7f306f5696127a502c536eee
SHA512

1e08566be4e519a40a3e5570c4c33bd7750542b3c8f9f760fbe3b6a33b981b3ede83e23a3c2da53db2150d7110df38f818950154ba7005bf6e4758a54a893550
SSDEEP

98304:CPxRDCqpKQNtwiA6GhcM8fF2DDJv1I2vPP7+1uh/xQBEKj:gzzQIuZOR92PE2vN1xQ6S

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 20 IoCs

pid	Process
2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
Token: SeDebugPrivilege	1996	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2756	1688	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe	28
PID 1688 wrote to memory of 2756	1688	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe	28
PID 1688 wrote to memory of 2756	1688	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe	28
PID 1688 wrote to memory of 2756	1688	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe	28
PID 2756 wrote to memory of 1996	2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe	29
PID 2756 wrote to memory of 1996	2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe	29
PID 2756 wrote to memory of 1996	2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe	29
PID 2756 wrote to memory of 1996	2756	2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Users\Admin\AppData\Local\Temp\2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2346ce6686cd7fb037ff07b11712fb01_JaffaCakes118.exe" "--multiprocessing-fork" "876"
    3⤵
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16882\MSVCR90.dll

Filesize
638KB

MD5
31d858c6f1c453af516343758a4b2c69

SHA1
ec9fafdb7333df42e3a8fb25f6f0f30ffe36b795

SHA256
12abcf99dd28bf35b3c224accfe2587ba5f4199d163224b344cdc770eed36130

SHA512
92923ca2f4be8fab82a5104cbc39ce84ce60000d4e825b5ccc0b44ba7f7090f7967b491350adf2f0c4ef9ce63ba93241030245e730f1a77c055b0257e64cbc45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16882\address-in-addresses-10.exe.manifest

Filesize
1KB

MD5
aeec3857c9685e4cbb6cc987e7c5389a

SHA1
19ba8d595a6ca405329b5535e1af7dadd5b0f526

SHA256
d79ab7ce31e5a150c4950b3d8edb0d6f6f07a03cbae8fafe951401b62008bcbb

SHA512
de66f14ad126eea46fa7eebe8929143c2838db4cf7b3ed65ebc3d94c498d1e5f606d198260308657f615920a55b7c17495a7ae8bab5750688db616264b0e7433

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16882\libeay32.DLL

Filesize
1.2MB

MD5
445329ac62452841c4e7e0a72d9c1d41

SHA1
bd031b175bfdd2b01ce0245a7ab08628abdacb4c

SHA256
e7005a53343604b6198d8c4a3ea711ed7c90f7280c15d6cee714e8ff22110bda

SHA512
52d6d51b9ac05598a57e12560c4c9a07eebb722ca0287bd9102c4eedc2e004b10ef900846a04da694fdec9f5e98a1d602cd2b415f9384c2b6d2c46cca7ed8952

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16882\python27.dll

Filesize
2.3MB

MD5
1f6a3e2a68eec142bdcc20dc27da7518

SHA1
fba21b6b0e69232ed71e01b3ef7639691ca8cf2e

SHA256
488fb259c0acda09b93cf95f56d51a17cf16fa2d83dd19a4a4b74a528711a8c0

SHA512
e879094624bb1df152b804956fda151605a605c7ae7506e5d963797f61abd97160b3ffdc328b030354216ebc218a59e75f9a48b0b483c253dd51f2a1aa26503b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16~1\_ctypes.pyd

Filesize
72KB

MD5
f9982f8b1176597b81ed1285d1616ce7

SHA1
7cf74cce8b20adeeff83e29eacc028bdf2d7c18a

SHA256
d14315cf03aa7d96b714bfc13f7990ec245d205e4a5f9f002d2805e369199239

SHA512
cd3339dc69ff918d3e4db2ae219ff7df58f18a151f088fa051b4cdf48e4cfd6569a9ca9e414708818004de7d0cb3cea64fa2ee4c0a1f6b832d86229446e22153

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16~1\_hashlib.pyd

Filesize
278KB

MD5
199bde23ef347dbccc6bf5a112b43c93

SHA1
ba98ef27c64eb858ac7c3ae6ff1dece53094e753

SHA256
6f8a2f7fe1a702521706fcbe82592ac24e8c897f5bf47f798122dbd0b109c2a6

SHA512
dd92d4ad8bda852cfc4b1823d9371c10b5af3ad4057af3269d88ecb70bcd2600807252305ae647ff646f3080ac1e71e918a9ab623ba16fe7b73462238facc9cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16~1\_multiprocessing.pyd

Filesize
23KB

MD5
557ef00fca5a09ff4279ff79da7123e5

SHA1
05368053f98ae6210e20e41c76b07adcfcb867cb

SHA256
6c8095dd83694fbe58e9cfd9548d5559c5853b690e8f3761b3194edc374701d9

SHA512
0977affa225f720786f5b74d600c95ba75e93fe555972dbd2a2d1d9ec8063001009a81b7884caaa9e4d37b1f1285f05758607d99d425f2a6b9518f2194fe9cbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16~1\_socket.pyd

Filesize
40KB

MD5
07789a8c23bcebe32f8bfd4ce4af5ffb

SHA1
132d7ad9d2a7c3ff51b246fd14f0a4f738d68e10

SHA256
235cc97584c3d31e5f3146121f64699d30cf372a86868ea755a9a0afa6c56144

SHA512
d461d8313c285e568ce44c08d1af7c54aafae0d1e8235109d5d71f6baffe8f677ae3202590cf33ab34625ac87285c7dc4c1df2e2181acd4b998309d23e12fd3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16~1\_ssl.pyd

Filesize
1.3MB

MD5
d0e36d53cbcea2ac559fec2c596f5b06

SHA1
8abe0c059ef3403d067a49cf8abcb883c7f113ec

SHA256
ae14e8d2ac9adbbb1c1d2a8001a017ba577663322fe7606c22bc0081d2764bc9

SHA512
6cc4a3ede744f81a8e619ee919dfc25e3d16bdcdcf25ec49699d9c1b5511e29d88c67bb7f6936363960838a73e4417668fe6a18220bf777baf174bb8278b69be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16~1\psutil._psutil_windows.pyd

Filesize
39KB

MD5
89ca719ea548dec02bf0b5f84c80fe8c

SHA1
c6f2c7183bcd945ecf9f7d556729ecc0baa6a026

SHA256
cf0f69aab727ceb8d5bc6a686c203393c01d3d5bf3cde8c20c137eb3c4c319a2

SHA512
8a3bc94b42dab39f312c6a9a096431e642b5aff12a52b9ecc2790165c7c2e3f87166da995005d7614a0149bb5ba156ef5009082c5a20561a5317adf6d3658178

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16~1\pycurl.pyd

Filesize
2.1MB

MD5
c4479ced36eeaf704bab58b2f8516880

SHA1
08879f664fa446dbbdc906ff6d2f2bb12423b56c

SHA256
671ce7c20a9df78c88d0f9932484f0f076b151452ad331ea5d60ee966ca36e12

SHA512
f7ca5edcc340ccf3d892d8ea13c9dc05d088023a31fd7c73f54555ce72b6de4d4f5cc928d7538ba5028c99760d879aef266708368576a5fef7ec5cd31f4a3ec6

Download Submit
memory/1996-58-0x0000000002890000-0x0000000002AB9000-memory.dmp

Filesize
2.2MB

Download
memory/1996-56-0x0000000000160000-0x000000000016C000-memory.dmp

Filesize
48KB

Download
memory/2756-39-0x0000000000120000-0x000000000012C000-memory.dmp

Filesize
48KB

Download
memory/2756-46-0x0000000000170000-0x000000000017C000-memory.dmp

Filesize
48KB

Download
memory/2756-42-0x0000000002A80000-0x0000000002CA9000-memory.dmp

Filesize
2.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads