pykspa | fba54a1e535fd297b65592dfcdf1fb54a75af0a4e496d924ea15eac85eec1a2e

Analysis

max time kernel
5s
max time network
4s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/03/2025, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_95740da3398074068a3996678d1bd6ab.exe
Size

492KB
MD5

95740da3398074068a3996678d1bd6ab
SHA1

de012d8f2e88279034b24544e88df79b500234e7
SHA256

fba54a1e535fd297b65592dfcdf1fb54a75af0a4e496d924ea15eac85eec1a2e
SHA512

cfac8aec23668a899e878bdc133475567b55fe4dfae735356f0756927fdf324380f74982cad2d64f69c4ef0894b8bd9d7b74c1e884298170ed3df103ac13eaa2
SSDEEP

6144:+jg5pk1GS0xX3lPtbNN/DNRgkpiZzjhDQ0oeGF91YVusYJx+9sisyYpFTOOzHNNl:mg5pBHxXptbN5ZRgOiBjw/C0AWzFjRo2

Score

10^/10

pykspa worm

Malware Config

Signatures

Pykspa
Pykspa is a worm spreads via Skype uses DGA and it's written in C++.
worm pykspa
Pykspa family
pykspa

Detect Pykspa worm 3 IoCs

worm

resource	yara_rule
behavioral1/files/0x000d000000012262-6.dat	family_pykspa
behavioral1/files/0x0005000000019273-67.dat	family_pykspa
behavioral1/files/0x0005000000019273-72.dat	family_pykspa

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2900	JaffaCakes118_95740da3398074068a3996678d1bd6ab.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_95740da3398074068a3996678d1bd6ab.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_95740da3398074068a3996678d1bd6ab.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2900
- C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe
  "C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_95740da3398074068a3996678d1bd6ab.exe*"
  2⤵
  PID:2108
- - C:\Users\Admin\AppData\Local\Temp\ajqxxij.exe
    "C:\Users\Admin\AppData\Local\Temp\ajqxxij.exe" "-C:\Users\Admin\AppData\Local\Temp\zrhxgakfshoduygg.exe"
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\ajqxxij.exe
    "C:\Users\Admin\AppData\Local\Temp\ajqxxij.exe" "-C:\Users\Admin\AppData\Local\Temp\zrhxgakfshoduygg.exe"
    3⤵
    PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ajqxxij.exe

Filesize
712KB

MD5
2c2e385b0216cbc61d978b2782d68fcc

SHA1
ec3f30cc7ba3fff27649fe9ab960f748279df372

SHA256
170aa00b3fec20577fbe8c889abfbab2d737a47231323abdde81c9bbc27ca55c

SHA512
690a484c5ad9128659569e0c63bcf8cb1629848c1bcbb4997892eecd3ec76020c0d875c59f3eb5e3bee22076ecad5b5da6c56f229dd7e0946a57ea7c68cd0404

Download Submit
C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe

Filesize
320KB

MD5
eb09c682903ecbd87f30b0366e008d8f

SHA1
59b0dc27c06ce536327490439a37751a3dbd5e38

SHA256
c4b122f7bab30363b472a3dffb8a7c61604c0ec4719ebd233ccbac8be0951be1

SHA512
83236c0955b81375666c10445d2cf5e4723b24e42e4ee5fb951f53945483be2fff5c8ef167f08cfad3accc162c61e750bb1039edbf09e26afe18cba2f994eb5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\gzqhrmxthxfvnsbcq.exe

Filesize
92KB

MD5
761045285e658aa9251fcaecc3739eb6

SHA1
6999f746dc9af751788df2ed8b73f6b3baca604b

SHA256
1edbc4341b09ce4717c34c3fe1866963557104d87d65af5895e71092c8dec6f1

SHA512
3d060bdf5d1d297e1087eb4df354e3b192aa51735bfc4aed71b5bcd776a55b2ae76ae3082182c088c815e75b9cf17160aa9f69cdb10547a9f2ca9d2872df483e

Download Submit
C:\Users\Admin\AppData\Local\Temp\njdxkiwvmfqjemyctujf.exe

Filesize
405KB

MD5
573529785de931f678d6132304b12d63

SHA1
bf50d06650a6a83c3f0425132ee8c6e5fd4938ed

SHA256
352058af4b50bdb27b029c7ed5bfa12340bc7cadb2e29d28fb29d9283e51ba81

SHA512
a6d66801bf0165de54bdc67515f63d0923d05f495cba023d22ecae50a326c25e4d0c1936f46fc2a354913e6770946592b786b0b018cca7174020472d6a9e9cfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\trnjyyopidqlisgmfizxtp.exe

Filesize
136KB

MD5
398dca975e08f4970481ecc699512194

SHA1
59788da734e600ff3d2f365ea0b162c85c17e964

SHA256
e4452729cdba6e16c8680292bb088df769a01e2b9c26ec98113de6c8e13a85d9

SHA512
c2130b822b513fa666201767de31d9a666ba9f1d271a270605f21bcfe05d59d88f4dc843a29738f05a727d315f1af25d6d5723b1815cc95eedd33279883efbdd

Download Submit
C:\Users\Admin\AppData\Local\mruxtaxffhbdhytggqotwzvcz.hjd

Filesize
272B

MD5
d49e95b02b5af5d5992b021a666b8fae

SHA1
9341a4ce2477350418e6779d4b72316444025781

SHA256
fe8327705574b9453de59d52ca483765a44712757b8100d9c6632d05366a3047

SHA512
ce60a6de3602d8cdaefaff9335f1eec7eed803e5c731f3f5f1ce523b85f25f30e7f27af2ea5480140d9aeb9f463d9fc9a6117d818478824acc72e8968f56daa1

Download Submit
C:\Users\Admin\AppData\Local\rhvjqiqjuhmzoqwufajznbiaibmzergiomxs.rft

Filesize
3KB

MD5
fbf5b7631e8a4b4c84a3fce3c6a793cb

SHA1
378d819cad780dfdd4ddc2e7ed1e11b20874b4fd

SHA256
8918df464125c70e3b1419684dc5755a74b94908b3e2ebc39b4c9c1f9f474cd4

SHA512
28682ec4a004a5c7f4352bd1130946bec68a0437e14ed9aec392ee59a9a8490c4f515cb621448ea408cec92afd37606851892d7ef524152f2a5fc0ff85c498bf

Download Submit
C:\Windows\SysWOW64\njdxkiwvmfqjemyctujf.exe

Filesize
386KB

MD5
30b7f28d6800a2ac5497e076fd01e721

SHA1
f3eba75ab95249a1e98b13586772caead907a0fb

SHA256
7e6436d1d7413a32812de32b6e6bb137c1b652c8c106f3746023a00e4460498f

SHA512
c2152e2d3a088c6179b0867f3baa19974941866c9d6a274ee203db2514741362addd41468ddb861fe8b5281ece6e776d65002fc7559976b91cf8e9496911e7c0

Download Submit
C:\Windows\SysWOW64\pjbteamjypypioyapo.exe

Filesize
492KB

MD5
95740da3398074068a3996678d1bd6ab

SHA1
de012d8f2e88279034b24544e88df79b500234e7

SHA256
fba54a1e535fd297b65592dfcdf1fb54a75af0a4e496d924ea15eac85eec1a2e

SHA512
cfac8aec23668a899e878bdc133475567b55fe4dfae735356f0756927fdf324380f74982cad2d64f69c4ef0894b8bd9d7b74c1e884298170ed3df103ac13eaa2

Download Submit
C:\Windows\czupdcrrjdpjfobgyaqni.exe

Filesize
448KB

MD5
c243af741329f059ad556cfcf42e7fe0

SHA1
dd41bf243aa4efb179b309f83c8e4ea91f54e7c1

SHA256
fd0d500fbfa484ab9295bb2d0e88e3490488bebca35b644d4fbb3f9b43945c18

SHA512
e42f5b3be0cb6bfdffc448b8e4e6e7120a598cf959e8fa88e9b5bf24835312143e1709aa02b749f99778d86f12d05fa9a805b9919864eea166bcdcf2071b2094

Download Submit
C:\Windows\trnjyyopidqlisgmfizxtp.exe

Filesize
411KB

MD5
5a58067905f4cc81a0fd8a3cb96570d8

SHA1
a3e7ff8d2564cdad5b19b62af063bf58a053df05

SHA256
80c30b775311c9d9d290d606efebe3fb723fddbd1858089e270ed081ea383589

SHA512
c8045d6dfa8ff4956451c86d20581f35408948f80db8ce801d6542a17f45329fe8dd54f2f3136fa81acee110a27c84325683e1f4226137a4652bf394e88a3735

Download Submit
\Users\Admin\AppData\Local\Temp\ajqxxij.exe

Filesize
411KB

MD5
15e5dddc9af84d3290790daad13773c4

SHA1
0e25da8420eea66f34b7b7e22bb49fcc3cfa9de4

SHA256
9167d79e0c1cfd163fdab54dfdb823ea868af810af42e5e63e9cd4c0be662cf2

SHA512
b7b75a190389b3ec3e9c140106dda3d2baa6663ffc981c18dd01404f2a727fe3b5ea09d40701b7d9620bb97b100d010193849416dc3e9f54a80c2adeb9ed1301

Download Submit