Overview

overview

10

Static

static

3

JaffaCakes...ef.exe

windows7-x64

10

JaffaCakes...ef.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    3s
  • max time network
    2s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2025, 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_8ce85fadb92eb13c1311e57baa44a3ef.exe

  • Size

    468KB

  • MD5

    8ce85fadb92eb13c1311e57baa44a3ef

  • SHA1

    1d5dc7022a42a0b2734933e4845262f6203b8c08

  • SHA256

    325b211e430cc75911dd92060d498796f9d572db4d48dea79b0ef471720400f4

  • SHA512

    3598b1d436865cb67be091b828037b56aeb67ac8df84f578de3ab2eb00b113818d1e75ae21d6cb9cf9e8ac2547d1ae3c6fc4538a6f63012fa4a7d6f886d79538

  • SSDEEP

    6144:KIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUjaRrx:KIXsgtvm1De5YlOx6lzBH46Uj8x

Score
10/10
pykspaworm

Malware Config

Signatures

  • Pykspa

    Pykspa is a worm spreads via Skype uses DGA and it's written in C++.

    wormpykspa
  • Pykspa family
    pykspa
  • Detect Pykspa worm 1 IoCs
    worm

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ce85fadb92eb13c1311e57baa44a3ef.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ce85fadb92eb13c1311e57baa44a3ef.exe"
    1⤵
      PID:1700
      • C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe
        "C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_8ce85fadb92eb13c1311e57baa44a3ef.exe*"
        2⤵
          PID:2088
          • C:\Users\Admin\AppData\Local\Temp\ujmpckp.exe
            "C:\Users\Admin\AppData\Local\Temp\ujmpckp.exe" "-C:\Users\Admin\AppData\Local\Temp\trdplcqewjcufmrr.exe"
            3⤵
              PID:2680

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nrjbdauomfectgrxactxph.exe
          Filesize

          64KB

          MD5

          251d18cf302ac6ba9533fdd611408e4d

          SHA1

          1d249a925d5cfb140770660044fafe73faba3bac

          SHA256

          7db9348cae048f6f40e3c16b4faa8a3ff0b95c7e460d420817e65b273521847a

          SHA512

          90ccedd16c8914bf98bc8f824cc725028c675adcfa4eee51544eea4309b649f3b389158d289a5f13e6127271d95ed8a0b965bbd3f9d9718289d87efa3557cfc7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe
          Filesize

          320KB

          MD5

          a30c781134da725fe78ebf48d50e6e3d

          SHA1

          8a363972da217f93e846c60eab6f0d0dd59b656d

          SHA256

          814b332a295b12dac338a57b4a0ba9e05f12e6ebf27fe1c0476915ec6a462b01

          SHA512

          19620868dcf83bcf4f14f0750cb5a8711b84149e816b04a6ee41d457d4fe418ae3abc426d73ecab30936aee0d6676dc6fc8d9b545243dcdadb3cf3c3fc8eac7f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\ujmpckp.exe
          Filesize

          136KB

          MD5

          c38dd693af6d36625a93da82a3e4bca3

          SHA1

          876d2352c26e6cb8b6a2478e8756cca8a0ae0cbc

          SHA256

          cec90baf6036095f1ac6c0cce1c548e268d6c7d6143e3c7e6d6daf1cb5686cac

          SHA512

          5f86ea4eac71d1e0cd8357910348f018417dad7e8a4a0a59bf53c7ddc257515a04b058fbaddd36cf894eff5c3f26ad2997d9f6254d0679b1c26eb5562265622f

          Download Submit

        • C:\Windows\SysWOW64\hjzppkcuqheapajnoodf.exe
          Filesize

          128KB

          MD5

          a8fbf9b69ba6dec219b2033270d69ec6

          SHA1

          5575825834b8cd46f5d9ef52555abfa51b99c4ad

          SHA256

          2697fe37075db41217ec2d2fe020808988ef8426b78265386e06afd72faf8217

          SHA512

          7f0025aed9f08ff513b7c66d403e1192f96a20e62d2fa149b3b26d718997029a78262e6a54d53afe126bb96fa6d1a53eadd9e92f65a1b0094ecfe2dd47a62654

          Download Submit

        • C:\Windows\SysWOW64\jjxljcsicrmgtcjlki.exe
          Filesize

          411KB

          MD5

          ea49cff6e53de35e0cce442e47559cab

          SHA1

          e8b500d8785b97c6afe49134ff48454ada6ef78d

          SHA256

          e15a1a42bc6f02e5dc4a20c15910b1a32e6dcea30a165992369aca0ef56114ea

          SHA512

          9c4f3a56dcf00418cb8629dab6efacfbae563f335b453066a9719e39622aa636a266ccb96a8ee60e2b381e26aabceefbb2dd7127b50e3272730d1f4e5a67791e

          Download Submit

        • C:\Windows\nrjbdauomfectgrxactxph.exe
          Filesize

          45KB

          MD5

          d709d26dcf00f42a2d57eb5ee9d92a4a

          SHA1

          8d27135dfe81ac577539723a3d435345f5ba8fc9

          SHA256

          3ee1d153736957220c9860fd9c7102cfec0296ee35637a4d368f8a3a0a128746

          SHA512

          dda4f1dfefc89d60af6d918f5da493acc082ca5303da437ce66222d66f5446908dc525f1b6962c434fe3abd58359c4cea9823f61fc996917cd23fd3688e7805d

          Download Submit

        • \Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe
          Filesize

          92KB

          MD5

          5ae0f6217538d0f9a51ffd03d17fa986

          SHA1

          ea759420b9a312854417f7cce92c021bbbede8ce

          SHA256

          a73e59449ac019ec79f3474cf79046c89557e93342fd2c37d526c10977a9d31f

          SHA512

          7c383dda15112c47eb80529d5c45871191448657612ae2ff0c2a67fd12c4cd3d38f28258720367c27760190cf46f83f737fb28375e74dfc0b6afc79f9ef2dfe2

          Download Submit

        • \Users\Admin\AppData\Local\Temp\ujmpckp.exe
          Filesize

          92KB

          MD5

          48e3213b9bffeb845633c0c757664df0

          SHA1

          6509385608f6b4c57cfaa4f58a70dca33cad6ef3

          SHA256

          d8f6f557df4f0f76e5ad55ff10d15436ac922f9dab2b6bb817c5cafad20a8760

          SHA512

          2313cacdecb17d50d1befa9b59645bce7e4ee98b191b84f0538950800d6ea26e5bb8a7690b9da72a87a920368b92b22b4088ac84efda649f68d7eea6228cf2dc

          Download Submit

        • \Users\Admin\AppData\Local\Temp\ujmpckp.exe
          Filesize

          99KB

          MD5

          f7bf57a1a9de69b900a4295afe449682

          SHA1

          705ee7b14df595e23f70c009ff9212274478947b

          SHA256

          6bbca2feb82ab91ba1635c384ebceac72100499b0501a75342fb91f329291210

          SHA512

          6753b0bc355fc634eacd1741bd345d723c697738c1b0070b5ea10e81e125f64fba776db90951375f90210d3488a3def44842949db403ca0e2ee8aa4880cdf7d4

          Download Submit