4af02d260274f3950f282498f567fda5221e10f30242f1a977ac2d93b79a598c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 10:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe
Size

5.1MB
MD5

d61cac00eebb8c2c71945e4b072952d5
SHA1

71762193f42d22cd192707edd6bbe2509e23a765
SHA256

4af02d260274f3950f282498f567fda5221e10f30242f1a977ac2d93b79a598c
SHA512

1771640c1d4efe15b7579a478973124157fe792ff8de35f6581c0eabc8dab998b85916f6ddf0dd70b9901a5467c6634b2b33c5474fb3ccf320caf2f8032172d1
SSDEEP

98304:0px1rPfM5nAXCwV7QcFRohWwefBWbmJFSqUO7Ne8KTR4hM2fKvGoKpWM2EMLWDm1:031jfOAz7QcFRhGU08O4q2yuoK0Mfj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1944	d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe
1944	d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe
1944	d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe
1944	d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	1944	d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 1944	2104	d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe	30
PID 2104 wrote to memory of 1944	2104	d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe	30
PID 2104 wrote to memory of 1944	2104	d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\d61cac00eebb8c2c71945e4b072952d5_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21042\VCRUNTIME140.dll

Filesize
85KB

MD5
edf9d5c18111d82cf10ec99f6afa6b47

SHA1
d247f5b9d4d3061e3d421e0e623595aa40d9493c

SHA256
d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb

SHA512
bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\_socket.pyd

Filesize
70KB

MD5
deb70216c2eb99c0585fa0e81ab01497

SHA1
c57fddb30575bddcdd6cb67823e40e149afe558a

SHA256
c6988c8ce1fcfb4f45e887bc19416f7bf4c27284d4d3d078c77b542231535f27

SHA512
67d89dbded092ff364411f7c00affe7fe39983d4701d6dcaee42b8c91548de58b6f083808a1148f9ec0bb533a6c8d51d4503ae6f0bba2dae7d9f427d62b6d5bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\backdoor.exe.manifest

Filesize
1KB

MD5
d9d4919df91a3d4fbdc6fa24485c9a8d

SHA1
7926dd651a7f84c72135d1b8d996ee117d77c7a9

SHA256
02b46f0243f1d8f1c4166323c79320a88e588ff9c43e7090fbc6b14984817615

SHA512
fda11c673e02a1ac5edc83b1a7eb5f683eb7c9cc5fc32a918c60426dd308e103b38b4f9fe6cea29cc25e000e93faee81c203ae96b2d11910719db29ce0233555

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\base_library.zip

Filesize
758KB

MD5
4e0d7b48dde02cd00d3c080d150be35d

SHA1
009debf08b8001471bb824b061964d2039e462c2

SHA256
591db077b45a3073edac3e83e6cffd0c3a9e54bc4770df59e976b0bee19bdab0

SHA512
543d805c0aed3024645b943184c59b05ddee26887e1648ace283f8fc175f29460d327c42d896eb011bb24e97835eff140ec5a89795f7692526f9583aa378dbe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\python36.dll

Filesize
3.4MB

MD5
8e8e7e9fdf1aaf9e35204dd14590539f

SHA1
5b1de0b9a893d662aa7600f419d39616095a40f7

SHA256
fcacd2989c1a36f4e38655ad28de2508f122e017791e349a0a93018779136484

SHA512
03c198b1c60c6ba51030800808e15ac39baf32db45c2a400325f3f288e52cc91f7a6bdda1f1ebf96dd42276b97a8c18ba0d8a50e213ef8c821ba985cd1909b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\select.pyd

Filesize
26KB

MD5
d387a34673cc46c4f3cc37e090ba3afe

SHA1
0c4127334dd46108f8652a11f86c6d73647a777b

SHA256
1474f90284b7a106795c8440e6883eccd7f97709a2b1050ea3bf69b2a8314795

SHA512
099f491542d793ccbf7242083421832b5f23f15ebe0f88b2df933d7acb02bcd70df6cdaa730ea365ce09ab514ddf73d474d8d02beb6c082328a362d3efef0672

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads