Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-03-2024 00:13

General

  • Target

    138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe

  • Size

    2.1MB

  • MD5

    138610cf962ab62eb32d222a4a35b93a

  • SHA1

    7348ff4e3894610a51e7d87a10500455f535c7e3

  • SHA256

    b1209191392de48946828e01f2c44c1fb38c09c89425327b29fdcfb1c4dfa566

  • SHA512

    c17f4235964de9de8333e21f10c47d7b36df15ea980b39b7e659d762b18a083fb62964a53cb9ed92cec3c2da71b09a66a2d4a2d11a77b93e15278f569fa1ee69

  • SSDEEP

    49152:HQwudv0Z+VSX+DYS7jOtIE3Ft4mZtrWiU/mg6Yqs:ww+Icmmp7jOtIEVtBvPIgs

Malware Config

Extracted

  • Family
    ffdroider
  • C2
    http://186.2.171.3

Signatures

  • FFDroider

    Information stealer targeting users of social media platforms, first seen in April 2022.

  • FFDroider payload (2 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials and cookies.

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
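
The three process-level signatures above are behavioural rules evaluated over the API trace of PID 180. The evaluator below is an added example, not the sandbox's own rule engine, and shows the shape of such rules over a constructed trace. The trigger conditions it uses (a read of the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, calls to AdjustTokenPrivileges, and file access under browser profile directories) are this example's assumptions about what the rules look for; the report does not state them.

```python
"""Added example, not the sandbox's own rule engine: a small evaluator that
reproduces the three process-level signatures listed above over a constructed
API trace.  The trigger conditions (registry key and value, API names, browser
profile directories) are this example's assumptions about what such rules look
for; the report does not state them."""
from dataclasses import dataclass, field

# Assumed trigger for "Checks whether UAC is enabled": reading the EnableLUA value.
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
UAC_VALUE = "enablelua"

# Assumed trigger for "Reads user/profile data of web browsers": any file access
# under one of these profile directories (lower-cased, backslash-separated).
BROWSER_PROFILE_DIRS = (
    "\\google\\chrome\\user data\\",
    "\\microsoft\\edge\\user data\\",
    "\\mozilla\\firefox\\profiles\\",
)


@dataclass
class Event:
    """One API call recorded by the sandbox for a process."""
    pid: int
    api: str
    args: dict


@dataclass
class Hit:
    """A signature that fired, with the events counted as its IoCs."""
    name: str
    iocs: list = field(default_factory=list)


def _norm(path):
    return path.replace("/", "\\").lower()


def rule_uac_check(ev):
    return (ev.api.startswith("RegQueryValueEx")
            and _norm(ev.args.get("key", "")) == _norm(UAC_KEY)
            and ev.args.get("value", "").lower() == UAC_VALUE)


def rule_adjust_privilege(ev):
    # Every privilege change on a token is one IoC, whatever privilege it names.
    return ev.api == "AdjustTokenPrivileges"


def rule_browser_data(ev):
    if ev.api not in ("CreateFileW", "NtReadFile", "CopyFileW"):
        return False
    path = _norm(ev.args.get("path", ""))
    return any(frag in path for frag in BROWSER_PROFILE_DIRS)


RULES = (
    ("Checks whether UAC is enabled", rule_uac_check),
    ("Suspicious use of AdjustPrivilegeToken", rule_adjust_privilege),
    ("Reads user/profile data of web browsers", rule_browser_data),
)


def evaluate(events):
    """Return one Hit per rule that matched at least one event."""
    hits = []
    for name, rule in RULES:
        iocs = [ev for ev in events if rule(ev)]
        if iocs:
            hits.append(Hit(name, iocs))
    return hits


def summarize(events):
    """Signature name -> IoC count, in the report's 'N IoCs' style."""
    return {h.name: len(h.iocs) for h in evaluate(events)}


# Constructed trace for PID 180; the paths are made up for the example.
TRACE = [
    Event(180, "RegOpenKeyExW", {"key": UAC_KEY}),  # opening alone is not a check
    Event(180, "RegQueryValueExW", {"key": UAC_KEY, "value": "EnableLUA"}),
    Event(180, "AdjustTokenPrivileges", {"privilege": "SeDebugPrivilege"}),
    Event(180, "AdjustTokenPrivileges", {"privilege": "SeBackupPrivilege"}),
    Event(180, "CreateFileW", {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"}),
    Event(180, "NtReadFile", {"path": r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\cookies.sqlite"}),
    Event(180, "CreateFileW", {"path": r"C:\Users\Admin\AppData\Local\Temp\d"}),  # matches no rule
]

if __name__ == "__main__":
    for name, count in summarize(TRACE).items():
        print(f"{name}: {count} IoCs")
```

The IoC counts it prints are per matching event, which is why a single RegQueryValueEx call yields one IoC for the UAC check while each AdjustTokenPrivileges call adds one more to that signature; opening the key without reading the value is deliberately not counted.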

Processes

  • C:\Users\Admin\AppData\Local\Temp\138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe (PID 180)
    Command line: "C:\Users\Admin\AppData\Local\Temp\138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe"
    • Checks whether UAC is enabled
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\d

    Filesize

    14.0MB

    MD5

    c0cd6991dc5109023f9eb3b83eab9699

    SHA1

    cd768c1f0281c57857f8357b00546382b1bc48cb

    SHA256

    052a771da683f5c34ab3341b3b9c5c0627bf8169139f7f6669a757e443490904

    SHA512

    5238ba5afd83c64887c22b930f30ccb753eb0be7836794cd6b8b4250f460e9ef43ad6a6b72fa2e9f1503d5790b171a5bc9f5665ba0ec8e034c0175e98cb99bbc

  • C:\Users\Admin\AppData\Local\Temp\d.INTEG.RAW

    Filesize

    52KB

    MD5

    f0ef8b6b27789172ec4574a2b0ff1979

    SHA1

    3803d810af44353ca581f19ca2f0db67a32f13a6

    SHA256

    58000163f928028218ffaf3a7920a8af7522b798e46008042ef6cefba62bf607

    SHA512

    ffb0269a821ff149b2dfa6283edfea15c0fab19b69217d9dcf9e2c1174e2e3d13adaa7fc2a85c70fd45d56fcefa2d9dc21ee40c6195f070f1da9709c7a5eee84

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    04825e6bb1ee2a4af7f4db66bdf7351b

    SHA1

    1f467c1d301a2fda8b40626a6ecbadc2e27be2f6

    SHA256

    8aea0721eb546d8fa35d30460fc4d4192b74bb776e93f49dae45d8cd52774409

    SHA512

    615614636b042d67d282e33ba675ca8ce83a4624e24f967748d6fd0bf538ede6a5a68c8b2ed62973c8e7679405513b64c7dd8eca02bdbbe979ae0f22c60ac65c

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    62a57b1ebebff65c4611dd3c5eb268aa

    SHA1

    7e0612154b27aa719cc40be2b082d54cf64f2e44

    SHA256

    710caf35bff99eb9288be975909593c561a6564eb685ed4c04665a9513ccdb96

    SHA512

    9646f909550ba21ca59da53b084bc138a8d40fc8d4b00b91315ed8d073a886fbb4a838d9525ccb90550ef24a78ad5be176dbbe857a24a0a819b55967bc25423d

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    a015c2ff1dfef39ae57263294a31daff

    SHA1

    355ce56138fca129195c6ca2cd8659d337388169

    SHA256

    93e306a2891b49dfd3d7febbfd51b71ca803186e0958e5790d37efd633ecfcc9

    SHA512

    1b2896dcb87b2f08c7e9b98e456e1411e455da7f31e15b596c4684ce23d41713cfebdd159f985a7a0b6d83c590a3724ce095e0ee41adec8f678a87d9c1ef9f1a

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    83bb56271a23024ab4f128bf778f499c

    SHA1

    dd235aad8480b1a2fad5eb560f78ce0a06480bc8

    SHA256

    d7324bbaa6d71ba04273d20208b706f50412f14bd15c7a7eaa3912f5f32eb317

    SHA512

    fd28dbe6efebfb756d758a31c28138711952fa2edd4ccb59764296b433e53574eaaa57d3e7b30e5253578fe8cab33867c14333911bf97c60f2e0723a42642a3e

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    5dbb951220c8b98769b092ee3e5fa3ab

    SHA1

    a428a4d7d4906a778a1cdf38d2766ad2e18c2217

    SHA256

    736152e4546bff7ede6ff634e98e3fbc29dfeb1f1f29ec5d5fffb034e916df42

    SHA512

    2b4dd22af783977d431e869e3fb40e3d8b2f9d2cf3c9f0367da96784f81d8762d099c3cc06b4f036e853d0687035741deccffffb8025fcd12acec743159a8add

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    0395a35109ed11aaadbf6561e2f05f3f

    SHA1

    181e9d9cecb8610129f307076f4c90a4cdde33ad

    SHA256

    a64131cb36b9ac6e9df65e2c0752f653349e4a334d9951f21213936199e2f5a5

    SHA512

    43d1ca5eccf29344512bf83ef8eca428c5fffb0f64747d5270774aa6fbf3ac3c32e0353226957089218e16694365ab7900c1f29ee0503781528d634e51f96078

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    04b0245c06dfe3a1ce6f79983b99fa01

    SHA1

    46f02bed04675311271930d622a6f7c0b9d39bf2

    SHA256

    4e732b9cf42237e6a35c2016074ae9a672567033ca811afdcf08d595d6ad6f8e

    SHA512

    9d4f13c4ab0939b439e183f16265b2a8c0b6e0fa258df5f0be9a94ecef44e56cdf59bb0d6d383c3cdbff7852ca98ec1c93a06bd267c2ba9470ba8baf4a22b252

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    98edc9c1a8068677b71c14bf498f2433

    SHA1

    e5d632fd06be8c80950f5196682e9d5bebfb3d46

    SHA256

    3c6b321d253112500338bcdf9c380d93d9b9868dc6658b3998dab31b015045e4

    SHA512

    2f3141846392b920b779e96ad635d4ed2e44ebfc55cdc45008ca3777cff592b305dc34db0ee89cbcdd2da2ef4c4150c1474992ce6ce9280c4294aea94542c6bc

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    edff9fc71218aff3b4c9e1b8786cbfed

    SHA1

    a7b85649e82dce122ed595c62715af6c2020400c

    SHA256

    6176fa10a48bf998bed4a5ba8adfa1f11e4ecd09c17ff3b1e028ee89c5e92a79

    SHA512

    c139c30065063b0c486fb4a3b76cc2f676d88d2b8fbd7d71728ddb92b74a25a2b0e0e3848f981c740e8527f9fab0226f4a234a2ac9dae2628f17268a7a777267

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    a9770c268ccce799ebfdeade9ee38d76

    SHA1

    1465809bb0138dd260e47135058a3a18225e016b

    SHA256

    2f2be3775cce34672be3505180492ab9c5ea60c829ec3cd57d7c4be0b413c2bf

    SHA512

    a0fd6131c28a84bf17be0249fd15bcff73df7bafa2b9cc159adc45e29e79a7d438e1062f6d68ad1634b084e2b2ec7b5901370e4d23e0dd5ce0c5f4c6a4033561

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    2ca148464ad22fea097073ccbe4ed891

    SHA1

    e23f3e08c5852b52c1e554bfc6446367996007ce

    SHA256

    987a3b60f443c44d5f69e605bddb389edd1ecc7697db008e5db549cacc678ed9

    SHA512

    cc34e2cd04345a8a1da47f6286f8c150f696c79bf37412a26bb9c4470ec3fff29257629e4086a04ec79364a98164f1f2b18dbcbff0694b2f78058f9e90497f6b

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    43a087d5327364b0400ea4a0ad61078e

    SHA1

    4419cad722d8db07e49a9eb08668e7ce3c1b4cac

    SHA256

    b6d69c27306d59485a3528faf66c42b0d2163e87c1f4e2107dec9b26d4f5fc3e

    SHA512

    856e0bddeb389cf3c19f4c14e3bf78fe18f4948b6de6939acea2b90956402d85d9bf9f570aae693f16b7901d95432934ad2d310879a742de9ef20ddad210b6e3

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    019732c9f1bbf0e468f7bc3276fa42e9

    SHA1

    32e7ba523bc6046aa9d1bce5731dbbf854fd48d7

    SHA256

    72f90f8fffc058112d648ce6e359425234cadcc865a2bcafd59567aa85651eb4

    SHA512

    6b85637d56e7d59a5d31cb418d0fc757f3734f716bdb4b65453ecb1e58248f0a65ff9e59afaa6e8e3a181fea7c61fa168b2e43cd8a86fa401224d438044b5ac2

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    02424637585ce5009e62e51f591bc367

    SHA1

    ef79a3ef98e88482045bce45c7991b4ac97abcb7

    SHA256

    7ab71c28633cde41124dff3a2e6ada5b458b563d05e8ae4918973c71e24b15da

    SHA512

    e36119635ef70c2585c83abb14559ac50502fd822a4ad7e543b4cb1b60fa8f7d0c74e249e35ecc788cfb239b2f8d75297c2e8e183a6c219e061102aeb200ae97

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    d046dc1b559f27c1cd671bb2d59c878b

    SHA1

    0f3b24cd25878c1dd69cbde0c8615e39900e5646

    SHA256

    43eb99ded3e817d5802de3529121fb74f1e63ec61a30b2e55c08846ab60e081b

    SHA512

    8bd63cf3038a02d420a73df53425a914a6252eb68b3144a9290471107b56a34fcd40b8bebadd2643242f1718285e4e872706a74d10854c7c180252b1b2731163

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    0d4bf78bf55f6c729faa5f1a23dc2d2b

    SHA1

    0f1875ae887779f178e57fac7107e6156317627c

    SHA256

    81b9868040a771c3c1f739a815cd7b3a101fdf2f38373170dd74a42c0c06c950

    SHA512

    996dd2cf53595ac1579a7d089e069e3cf0e067c1eb88fc1fd1604360beb88cfe7d210a77d227437131cb512f0e69226e0d13838a354ebc611e74dc7c7c462ece

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    a65d104ea9217857104d965d5cb290b2

    SHA1

    62e23325b9b119cf8131ebaf8e7ee7a772fdf206

    SHA256

    cee34b07ea9436cbf4c47a2d4310fc677bf9fd5f4d6dc70a5ca0878f675b18e8

    SHA512

    8ef593333f181c319c1f0dc34e4908259f709d6d67c7a408866fb8add24b8f6625b61c8880f66f0c8948f3962cfe5ce7334cf830bd96551dad709ae87b205c94

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    3b0c8cf241fb330fc7515c1b69e046e4

    SHA1

    5c1024ef52e8aacae7c1f3c105144616a4840529

    SHA256

    3640bf1f76ee56a8e3e291df1721d61f6353cc58c6d910fb52ae41819a192d4c

    SHA512

    e01e07361d43ff51647bfe99a367a9cc6c26030b8f5112c2ee55a0219fa3940efe85bcf63f39adf4061c1ee74e2a74df1aa840c14de2dfa3721f2b00e666341d

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    b507f6cee172aaa7e22f18a6543913f7

    SHA1

    d0edec3b3a873187064f548a6fa017a5cce5fef4

    SHA256

    5cde4e9f99334097300ccbfcdb427e4758de23dca22761675666c785ec6220b4

    SHA512

    bfb2fa719c06fb6d6bfa896885bcf991214a7710cef7aea2af629ca7325453f3ba566dad085b984268de4d3e7688e631ac9404831d9f526d938906ba4860ad39

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    5272192898f2d41377e3b013244888a2

    SHA1

    b55069f9c50fdc4eb7bb7dc71017e92e4d62d059

    SHA256

    81041da4daf6745d124c2822670d09f2689d9ef82111e24728ced134101bcc38

    SHA512

    9dcb001689bd1707f0cdeba5b8eaa3c2bd3922f2b62c397ca3be1e8a35aba590ff3189bb4c33c481ab5f3585c5fa5174e434426adba5543c024ee123d4832e54

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    d4c0bb220f366eac0a915ab64439c2fc

    SHA1

    15a942fd7e5f78310198247a4b988ebf1e6499fa

    SHA256

    2fd61ba4394358e83b3d6f5502c64b5a6a85000c212997abee5c31c4f7f8be4b

    SHA512

    32a0ab8ac60d36072baf7481b8693f2b3b2b846d6db7b22c661aa14e144e4700e43a3efc2c0dee0405056549eab21c8bf2ed28092bd39b36d93d1062ad16e62d

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    07448f41c351911df064cea86fe3eb29

    SHA1

    97fe38b184c01fc461441ca71714460113129b97

    SHA256

    4bccfa9a7fd663af8db2283aa1e67e355d1d01730768d3e67f278f0205ef10f7

    SHA512

    6da8caed51d5c6546e4a65275b82763b3ceef7fc92f4de0c06bd8a991ea80e17bc2a2e7024a2636cef808abff0ad922fd53fd75c3deeddb99c2a7116474701ca

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    bda02b5cadd9634d0d3ea2973fc07dd6

    SHA1

    f48610e8aa4372c366dc60f494a0d14c264fe615

    SHA256

    617dfd0175769142152216c8d2241398798437c481d07c3b1a64dfc9b55c8500

    SHA512

    871fd764d313447ac2e9a3d1ae66f69837072ae683e97c00fe0d79afa723051f6c5a66dc8ab29b854af4017a7326837f2abc7aaf777ebf7aeaf2aaf0887229b9

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    7d6416081724ea4d01c6eebb4798db38

    SHA1

    f7c9671b19f8fcdbdf99294fb75bb17406bbe8d4

    SHA256

    c52e83432798d47b0b9c4603fdd99722cf182af27a8b64eef017f917a1f0f7c9

    SHA512

    5d5e185b60760c33d3f4d0553f09fa8010820e43081739a305047b360af42a59596ed71e84cff651e0420f6abb9cef262c136b38d31446367b18bdbf890b8158

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    dec048fd4c91ec3b633f03ed18226f8e

    SHA1

    8d13a5a6599014f218c29cea5cdc8a3ae22d1dd3

    SHA256

    aff77fcf114bccefcc0099266f6d9a46288e3714cb1f5f1aacdc56e9c50ff243

    SHA512

    0b5e4b69c69d8384cb1edc248b1e08942117a1032976be3adf5379c7eb6846b797c8a426abeaac02460aa1c6a77f830b4d3dd7815f81d61753762678bf359af9

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    b4a3f506360e2e7c14305fc9a2a96bfb

    SHA1

    d0eb8d8c7e5cc8e7dae0fa6b9461ab2670fb3741

    SHA256

    6930f73fb5f562b8e803331bc6df99f0ee49410483777c90368533a75f837e8c

    SHA512

    245c296898ed8ff38d11ff12d4f130f06654b208fdb44c230f0c4e2286e56a4845962d76a204dadf8f2c0ede4a8d8296135d58049ce156c458e7255591f4c66d

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    d6ffaee7ae24323c056fddc9fd2b2161

    SHA1

    f0833c6f83c002f5ed9dc1d7c7a692dbf574ca79

    SHA256

    7b9f8718e3d78ddca3ac18ed7f6070ef5e467dfcde770d65a645d728c40e55d3

    SHA512

    8bd9d27d8ccd4173e981f3c1a311e235f9307a8cf587f6e754bbb0c4485f9059dccc43f85de40352dcac3f623cf864ad6898ac022ce85e04e1cb55edd3d1dc26

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    b3dfdc584bccdf0a7e07b20d0816082c

    SHA1

    2339151f16fa02dae7cbcd7e1ab49f0789e71382

    SHA256

    76a4ec04f35410511463209f0c8654f587360e19743368239eb769e340444f43

    SHA512

    e549911d59ac4b95863896b7c62c254ef3a096c3cb55c559c432599dc46143b0b17b56bed68f870556a98c0e2737505d0480eb8ddf4adf99de57371afddfe9ff

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    ec59045d360265086f4986882837bc45

    SHA1

    804b64a24b1fa14e2094f91a3bf1214ee1f4667e

    SHA256

    3f7ed36807d7504522f2853eb24395bac2d87e440d148293a4e2c50888183069

    SHA512

    3d5649d396f1a7987ee04067a5355e74b7c444355d7c1a0aae35844e0b05b80cf39ec06a2cf05acce8b5ae80d8538e133b84f8212d855c004758ced49df55f4a

  • C:\Users\Admin\AppData\Local\Temp\d.jfm

    Filesize

    16KB

    MD5

    efbba7b238233767c4039e9f4bb81ecf

    SHA1

    31c45897d21126827607d9cbd5a3f7f581621035

    SHA256

    d630e4fde7163a5955c58f58e9f1aae5380d810a2383c29f697192cdd653b955

    SHA512

    a1356e4b7dbdae42659795eb84d0e83ee1a34e900223d942cf1e097cb1d36145b20a8a7e63ead56690d3b2f2be968bde3b871a383c2ed250479302bcb2cef6e0

  • memory/180-46-0x0000000004F00000-0x0000000004F08000-memory.dmp

    Filesize

    32KB

  • memory/180-134-0x0000000005020000-0x0000000005028000-memory.dmp

    Filesize

    32KB

  • memory/180-133-0x00000000050C0000-0x00000000050C8000-memory.dmp

    Filesize

    32KB

  • memory/180-147-0x0000000004DE0000-0x0000000004DE8000-memory.dmp

    Filesize

    32KB

  • memory/180-132-0x00000000050B0000-0x00000000050B8000-memory.dmp

    Filesize

    32KB

  • memory/180-155-0x0000000005020000-0x0000000005028000-memory.dmp

    Filesize

    32KB

  • memory/180-157-0x0000000005050000-0x0000000005058000-memory.dmp

    Filesize

    32KB

  • memory/180-131-0x0000000005000000-0x0000000005008000-memory.dmp

    Filesize

    32KB

  • memory/180-130-0x0000000004E80000-0x0000000004E88000-memory.dmp

    Filesize

    32KB

  • memory/180-127-0x0000000004E80000-0x0000000004E88000-memory.dmp

    Filesize

    32KB

  • memory/180-119-0x0000000004DE0000-0x0000000004DE8000-memory.dmp

    Filesize

    32KB

  • memory/180-118-0x0000000004DC0000-0x0000000004DC8000-memory.dmp

    Filesize

    32KB

  • memory/180-79-0x0000000005260000-0x0000000005268000-memory.dmp

    Filesize

    32KB

  • memory/180-77-0x0000000005390000-0x0000000005398000-memory.dmp

    Filesize

    32KB

  • memory/180-69-0x0000000004F00000-0x0000000004F08000-memory.dmp

    Filesize

    32KB

  • memory/180-56-0x0000000005390000-0x0000000005398000-memory.dmp

    Filesize

    32KB

  • memory/180-54-0x0000000005260000-0x0000000005268000-memory.dmp

    Filesize

    32KB

  • memory/180-0-0x0000000000400000-0x0000000000991000-memory.dmp

    Filesize

    5.6MB

  • memory/180-33-0x0000000005260000-0x0000000005268000-memory.dmp

    Filesize

    32KB

  • memory/180-32-0x00000000053F0000-0x00000000053F8000-memory.dmp

    Filesize

    32KB

  • memory/180-31-0x00000000054F0000-0x00000000054F8000-memory.dmp

    Filesize

    32KB

  • memory/180-30-0x0000000005110000-0x0000000005118000-memory.dmp

    Filesize

    32KB

  • memory/180-29-0x00000000050F0000-0x00000000050F8000-memory.dmp

    Filesize

    32KB

  • memory/180-26-0x00000000050E0000-0x00000000050E8000-memory.dmp

    Filesize

    32KB

  • memory/180-24-0x0000000004F00000-0x0000000004F08000-memory.dmp

    Filesize

    32KB

  • memory/180-23-0x0000000004EE0000-0x0000000004EE8000-memory.dmp

    Filesize

    32KB

  • memory/180-16-0x0000000004450000-0x0000000004460000-memory.dmp

    Filesize

    64KB

  • memory/180-10-0x0000000003970000-0x0000000003980000-memory.dmp

    Filesize

    64KB

  • memory/180-7-0x00000000001D0000-0x00000000001D3000-memory.dmp

    Filesize

    12KB

  • memory/180-5-0x0000000000400000-0x0000000000991000-memory.dmp

    Filesize

    5.6MB

  • memory/180-1-0x00000000001D0000-0x00000000001D3000-memory.dmp

    Filesize

    12KB

  • memory/180-610-0x0000000000400000-0x0000000000991000-memory.dmp

    Filesize

    5.6MB
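
The listing above repeats the same path (d.jfm) and the same memory ranges many times with different hashes; those are repeated captures of one location, not separate artefacts, and each memory entry's Filesize should agree with the address range in its name (for example 0x991000 - 0x400000 = 0x591000 bytes, about 5.6MB). The parser below is an added example, not the sandbox vendor's tooling: it assumes the flattened bullet/label/value layout shown on this page and the memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp naming visible above, and runs on an excerpt copied from the listing.

```python
"""Added example (not the sandbox vendor's tooling): parse the flattened
"Downloads" listing above, sanity-check each record and group repeated snapshots
of one location.  It assumes the bullet/label/value layout seen on this page and
the memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp naming used above."""
import re
from dataclasses import dataclass

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.I)
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)$")

@dataclass
class DroppedFile:
    path: str
    size: int     # bytes, from the rounded "Filesize" field
    hashes: dict  # algorithm -> lowercase hex digest

@dataclass
class MemoryRegion:
    pid: int
    seq: int      # position in the dump sequence
    start: int
    end: int
    size: int     # bytes, as reported

def parse_listing(text):
    """Each bullet line starts an entry; the lines after it alternate label, value."""
    entries, cur, label = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("•"):
            cur = {"path": line[1:].strip()}
            entries.append(cur)
            label = None
        elif label is None:
            label = line.lower()
        else:
            cur[label] = line.lower() if label in HEX_LEN else line
            label = None
    return [_to_record(e) for e in entries]

def _to_record(e):
    num, unit = SIZE_RE.match(e["filesize"]).groups()
    size = round(float(num) * UNIT[unit])
    m = MEM_RE.match(e["path"])
    if m:
        return MemoryRegion(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16), size)
    return DroppedFile(e["path"], size, {k: e[k] for k in HEX_LEN if k in e})

def problems(rec):
    """List consistency problems (empty when clean); reported sizes are rounded,
    so a memory range is allowed a small tolerance against its Filesize."""
    out = []
    if isinstance(rec, DroppedFile):
        for algo, n in HEX_LEN.items():
            h = rec.hashes.get(algo)
            if h is None:
                out.append(f"missing {algo}")
            elif not re.fullmatch(rf"[0-9a-f]{{{n}}}", h):
                out.append(f"malformed {algo}")
    else:
        span = rec.end - rec.start
        if span <= 0 or abs(span - rec.size) > max(1024, 0.05 * span):
            out.append(f"size {rec.size} does not match range {span}")
    return out

def snapshots_by_location(records):
    """Group by dropped-file path or (pid, start, end) range: the same d.jfm path
    or address range listed many times is one location captured repeatedly."""
    groups = {}
    for r in records:
        key = r.path if isinstance(r, DroppedFile) else (r.pid, r.start, r.end)
        groups.setdefault(key, []).append(r)
    return groups

# Constructed input: an excerpt copied from the listing above.
SAMPLE = """
  • C:\\Users\\Admin\\AppData\\Local\\Temp\\d
    Filesize
    14.0MB
    MD5
    c0cd6991dc5109023f9eb3b83eab9699
    SHA1
    cd768c1f0281c57857f8357b00546382b1bc48cb
    SHA256
    052a771da683f5c34ab3341b3b9c5c0627bf8169139f7f6669a757e443490904
    SHA512
    5238ba5afd83c64887c22b930f30ccb753eb0be7836794cd6b8b4250f460e9ef43ad6a6b72fa2e9f1503d5790b171a5bc9f5665ba0ec8e034c0175e98cb99bbc
  • memory/180-0-0x0000000000400000-0x0000000000991000-memory.dmp
    Filesize
    5.6MB
  • memory/180-33-0x0000000005260000-0x0000000005268000-memory.dmp
    Filesize
    32KB
  • memory/180-54-0x0000000005260000-0x0000000005268000-memory.dmp
    Filesize
    32KB
"""
```

Fed the whole listing instead of the excerpt, `snapshots_by_location` reports the thirty d.jfm entries as one location captured thirty times and collapses the repeated 32KB ranges the same way (0x5260000-0x5268000, for instance, appears at sequence numbers 33, 54 and 79), which is the view you want when deciding which dumps are worth pulling into a disassembler.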