pykspa | 08565ab76bff7b276fa60584ca2adc3afafbce2ac1a47bd5cb014f744370e598

Analysis

max time kernel
3s
max time network
1s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
29/03/2025, 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8cf88a6db7a1d9f426aac73a35f11ce5.exe
Size

640KB
MD5

8cf88a6db7a1d9f426aac73a35f11ce5
SHA1

bb6af4301e7fdf0f8bfa9bcd1582d7162d24053a
SHA256

08565ab76bff7b276fa60584ca2adc3afafbce2ac1a47bd5cb014f744370e598
SHA512

95f5f9c9ce7d84374fa5472647abf2a50c8fb928e8e10912d458fa7452f031c2c4f1cb53cb2dc3f2c6dac72a2eda90d0b1001603384f49d897012bc317f46690
SSDEEP

12288:DIXlgtvm1De5YlOx6lzBH46UTyxeco7pQS/L7no2aT:Dd81yMBbwyno7pQS/LBaT

Score

10^/10

pykspa worm

Malware Config

Signatures

Pykspa
Pykspa is a worm spreads via Skype uses DGA and it's written in C++.
worm pykspa
Pykspa family
pykspa

Detect Pykspa worm 1 IoCs

worm

resource	yara_rule
behavioral1/files/0x000a000000012252-2.dat	family_pykspa

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8cf88a6db7a1d9f426aac73a35f11ce5.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8cf88a6db7a1d9f426aac73a35f11ce5.exe"
1⤵
PID:2488
- C:\Users\Admin\AppData\Local\Temp\wlsotepmgvc.exe
  "C:\Users\Admin\AppData\Local\Temp\wlsotepmgvc.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_8cf88a6db7a1d9f426aac73a35f11ce5.exe*"
  2⤵
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\lrybmo.exe
    "C:\Users\Admin\AppData\Local\Temp\lrybmo.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_8cf88a6db7a1d9f426aac73a35f11ce5.exe"
    3⤵
    PID:1828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lrybmo.exe

Filesize
320KB

MD5
3c4881af9e6f1890f4880eae15fc3366

SHA1
17468700c57f6493ab803564fdf87585bf863990

SHA256
2815a6fd893d8ce2e3543100d3c2b3ed7922a211bf10a3aecf7569e2228f9625

SHA512
0d159a093f9c7661843536fe4d1a5dc1bd32e43b00b7bac908e8d4ec7bc0c6c8cd56b80d056476d1cda657d384fcbe493e0d3deaf9acd7ac204f670e7952829a

Download Submit
C:\Windows\SysWOW64\nfynkypieqplzcogyc.exe

Filesize
411KB

MD5
17d6a24658d977d94e5ef63fd03f9086

SHA1
1b05431bdd9159c8e0e2ccca98b45b2fc15cf64d

SHA256
fa578b75a5c417ccd56c89f6dd60dd6b928f9e9f4a03ecb2db4f3d50798b5688

SHA512
516d365630651fae24a72a7bccb9c619ead53f5161d4938b0a31429dd73758841044338e4976b45efe8b933fd394b844e9195eb633455eec2d5335026973474c

Download Submit
C:\Windows\lfarqgzusghfvaoicihb.exe

Filesize
64KB

MD5
f7c3a96a2430204a0e600e6debb8c3d0

SHA1
5804bdec8cab2f4414aefd016020a582247b1014

SHA256
eaaa3f0b33c40d2e5c1ccb87411a0956eb14b613bbf4c6c696010aad0bd92047

SHA512
c21f696f35806d7b3c71a1d189e7481f39e78f7d181df32af823a326f95385b26520725d43cfd838ededcf36a55791ce087b0af06aaa96d1b9555b1703dc75ce

Download Submit
\Users\Admin\AppData\Local\Temp\lrybmo.exe

Filesize
256KB

MD5
6646972cfae7a28cf961a1285945ea17

SHA1
0481de07bc604e5f8bbe458ea27aee98ecd3651f

SHA256
76b00ae71c7b1f0e731c443136061440e094526ebea41ca3d509bb4700a1354a

SHA512
1947c8a8377d3b1d76e089e0f3842c0f7e64f475f7a46ae71afdd8f00437b0440b74aec05ac9228f4912dabce3a33628d51307aa7db313d0f5c46dd2208f9767

Download Submit
\Users\Admin\AppData\Local\Temp\wlsotepmgvc.exe

Filesize
320KB

MD5
cc051adb278b69fbd4d3d29e4e4fa15e

SHA1
ff729b39edee982b5d36c8af5c8792cb9001620b

SHA256
88183c966f9ce44f8594d1cac8049213607f0f011a709e90acee6d4c7aec10f6

SHA512
40088496ff0badc048fe801a12f3a5b6193b59f5dc3088ad04eeceaf45202c73bf3fdb20c0983dbb725b572ca123f5d445830853b0238e87596aee5233ca0700

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads