Analysis
-
max time kernel
147s
-
max time network
156s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240226-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
-
submitted
29-03-2024 00:13
Static task
static1
Behavioral task
behavioral1
Sample
138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe
-
Size
2.1MB
-
MD5
138610cf962ab62eb32d222a4a35b93a
-
SHA1
7348ff4e3894610a51e7d87a10500455f535c7e3
-
SHA256
b1209191392de48946828e01f2c44c1fb38c09c89425327b29fdcfb1c4dfa566
-
SHA512
c17f4235964de9de8333e21f10c47d7b36df15ea980b39b7e659d762b18a083fb62964a53cb9ed92cec3c2da71b09a66a2d4a2d11a77b93e15278f569fa1ee69
-
SSDEEP
49152:HQwudv0Z+VSX+DYS7jOtIE3Ft4mZtrWiU/mg6Yqs:ww+Icmmp7jOtIEVtBvPIgs
Malware Config
Extracted
Family
ffdroider
C2
http://186.2.171.3
Signatures
-
FFDroider payload 2 IoCs
resource yara_rule
behavioral2/memory/180-5-0x0000000000400000-0x0000000000991000-memory.dmp family_ffdroider
behavioral2/memory/180-610-0x0000000000400000-0x0000000000991000-memory.dmp family_ffdroider
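Added example (not part of the sandbox report): a Python helper that parses the memory-dump resource names in the YARA rows above into pid, dump index and address range, then groups hits by region. The name layout `<task>/memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp` is inferred from the two rows on this page and is an assumption of this example. Run on the rows above it shows both hits cover the same region of pid 180, starting at 0x400000 (the default image base of a non-relocated 32-bit PE) and spanning 0x591000 bytes, noticeably more than the 2.1 MB file on disk, which is worth checking for in-place unpacking when the dump is examined.

```python
import re
from dataclasses import dataclass

# Assumed layout of a memory-dump resource name in this report's YARA rows:
#   <task>/memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
_DUMP_RE = re.compile(
    r"^(?P<task>[A-Za-z0-9_]+)/memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Default image base for 32-bit PE executables; a hit starting here usually
# means the rule fired on the main module image itself, not on a heap buffer.
DEFAULT_X86_IMAGE_BASE = 0x400000


@dataclass(frozen=True)
class MemoryHit:
    task: str
    pid: int
    index: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_hit(row: str) -> MemoryHit:
    """Parse one 'resource yara_rule' row of the signatures table."""
    resource, rule = row.split()
    m = _DUMP_RE.match(resource)
    if not m:
        raise ValueError(f"unrecognised memory-dump resource name: {resource!r}")
    return MemoryHit(
        task=m["task"], pid=int(m["pid"]), index=int(m["index"]),
        start=int(m["start"], 16), end=int(m["end"], 16), rule=rule,
    )


def fmt_size(n: int) -> str:
    return f"{n / (1 << 20):.2f} MiB" if n >= 1 << 20 else f"{n / 1024:.1f} KiB"


def summarise(rows):
    """Group hits by (pid, region, rule) so repeated dumps of one region show as one line."""
    by_region = {}
    for h in (parse_hit(r) for r in rows):
        by_region.setdefault((h.pid, h.start, h.end, h.rule), []).append(h.index)
    return [
        {
            "pid": pid,
            "start": hex(start),
            "end": hex(end),
            "size": end - start,
            "size_human": fmt_size(end - start),
            "rule": rule,
            "dump_indexes": sorted(idx),
            "at_default_image_base": start == DEFAULT_X86_IMAGE_BASE,
        }
        for (pid, start, end, rule), idx in by_region.items()
    ]


# The two rows from this report, copied verbatim.
REPORT_ROWS = [
    "behavioral2/memory/180-5-0x0000000000400000-0x0000000000991000-memory.dmp family_ffdroider",
    "behavioral2/memory/180-610-0x0000000000400000-0x0000000000991000-memory.dmp family_ffdroider",
]

if __name__ == "__main__":
    for region in summarise(REPORT_ROWS):
        print(region)
```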
Reads user/profile data of web browsers 2 TTPs
Infostealers commonly target stored browser data, which can include saved credentials and session cookies.
-
description ioc Process
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe
Note: EnableLUA is the value that records whether User Account Control is enabled, so this row documents a UAC-state check by the sample rather than a read of browser profile data.
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process
Token: SeManageVolumePrivilege 180 138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe
Token: SeManageVolumePrivilege 180 138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe
Token: SeManageVolumePrivilege 180 138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe
Token: SeManageVolumePrivilege 180 138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe
Token: SeManageVolumePrivilege 180 138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe
Token: SeManageVolumePrivilege 180 138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe
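Added example (not part of the sandbox report): detection logic, in Python, that reproduces the two behavioural signatures above from per-process telemetry, flagging a process only when it both queries EnableLUA and enables SeManageVolumePrivilege (the right behind "Perform volume maintenance tasks"). The event records are constructed for this example and their field names (`pid`, `image`, `op`, `target`) are an assumed normalised schema, not Tria.ge's or any vendor's format; explorer.exe and defrag.exe entries are added as benign noise to show that either behaviour alone does not fire.

```python
from collections import defaultdict

SAMPLE = "138610cf962ab62eb32d222a4a35b93a_JaffaCakes118.exe"
ENABLE_LUA = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"

# Constructed telemetry in an assumed normalised schema (one record per observed action).
# pid 180 mirrors the report: one EnableLUA query and six SeManageVolumePrivilege adjustments.
SAMPLE_EVENTS = [
    {"pid": 180, "image": SAMPLE, "op": "reg_query", "target": ENABLE_LUA},
    *[{"pid": 180, "image": SAMPLE, "op": "adjust_token", "target": "SeManageVolumePrivilege"}
      for _ in range(6)],
    # Benign noise (constructed): routine UAC-state read by the shell, and a defragmenter
    # legitimately enabling the volume-maintenance right. Neither should alert on its own.
    {"pid": 4120, "image": "explorer.exe", "op": "reg_query", "target": ENABLE_LUA},
    {"pid": 5004, "image": "defrag.exe", "op": "adjust_token", "target": "SeManageVolumePrivilege"},
]

UAC_VALUE_SUFFIX = r"\Policies\System\EnableLUA".upper()
VOLUME_PRIV = "SeManageVolumePrivilege"


def per_process_behaviours(events):
    """Count, per pid, UAC-state queries and SeManageVolumePrivilege adjustments."""
    seen = defaultdict(lambda: {"image": None, "uac_check": 0, "manage_volume": 0})
    for e in events:
        rec = seen[e["pid"]]
        rec["image"] = e["image"]
        if e["op"] == "reg_query" and e["target"].upper().endswith(UAC_VALUE_SUFFIX):
            rec["uac_check"] += 1
        elif e["op"] == "adjust_token" and e["target"] == VOLUME_PRIV:
            rec["manage_volume"] += 1
    return dict(seen)


def findings(events, min_priv_adjusts=1):
    """Emit one finding per process that shows both behaviours, in the report's wording."""
    out = []
    for pid, b in per_process_behaviours(events).items():
        if b["uac_check"] and b["manage_volume"] >= min_priv_adjusts:
            out.append({
                "pid": pid,
                "image": b["image"],
                "signatures": [
                    "Checks UAC state via EnableLUA",
                    f"Suspicious use of AdjustPrivilegeToken ({b['manage_volume']} IoCs)",
                ],
            })
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_EVENTS):
        print(f)
```

The correlation is deliberately per process: a UAC-state read is common in legitimate software, and the volume-maintenance right is enabled by disk tools, so the signal comes from one image doing both, as pid 180 does in this run.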
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 14.0MB
MD5 c0cd6991dc5109023f9eb3b83eab9699
SHA1 cd768c1f0281c57857f8357b00546382b1bc48cb
SHA256 052a771da683f5c34ab3341b3b9c5c0627bf8169139f7f6669a757e443490904
SHA512 5238ba5afd83c64887c22b930f30ccb753eb0be7836794cd6b8b4250f460e9ef43ad6a6b72fa2e9f1503d5790b171a5bc9f5665ba0ec8e034c0175e98cb99bbc
-
Filesize 52KB
MD5 f0ef8b6b27789172ec4574a2b0ff1979
SHA1 3803d810af44353ca581f19ca2f0db67a32f13a6
SHA256 58000163f928028218ffaf3a7920a8af7522b798e46008042ef6cefba62bf607
SHA512 ffb0269a821ff149b2dfa6283edfea15c0fab19b69217d9dcf9e2c1174e2e3d13adaa7fc2a85c70fd45d56fcefa2d9dc21ee40c6195f070f1da9709c7a5eee84
-
Filesize 16KB
MD5 04825e6bb1ee2a4af7f4db66bdf7351b
SHA1 1f467c1d301a2fda8b40626a6ecbadc2e27be2f6
SHA256 8aea0721eb546d8fa35d30460fc4d4192b74bb776e93f49dae45d8cd52774409
SHA512 615614636b042d67d282e33ba675ca8ce83a4624e24f967748d6fd0bf538ede6a5a68c8b2ed62973c8e7679405513b64c7dd8eca02bdbbe979ae0f22c60ac65c
-
Filesize 16KB
MD5 62a57b1ebebff65c4611dd3c5eb268aa
SHA1 7e0612154b27aa719cc40be2b082d54cf64f2e44
SHA256 710caf35bff99eb9288be975909593c561a6564eb685ed4c04665a9513ccdb96
SHA512 9646f909550ba21ca59da53b084bc138a8d40fc8d4b00b91315ed8d073a886fbb4a838d9525ccb90550ef24a78ad5be176dbbe857a24a0a819b55967bc25423d
-
Filesize 16KB
MD5 a015c2ff1dfef39ae57263294a31daff
SHA1 355ce56138fca129195c6ca2cd8659d337388169
SHA256 93e306a2891b49dfd3d7febbfd51b71ca803186e0958e5790d37efd633ecfcc9
SHA512 1b2896dcb87b2f08c7e9b98e456e1411e455da7f31e15b596c4684ce23d41713cfebdd159f985a7a0b6d83c590a3724ce095e0ee41adec8f678a87d9c1ef9f1a
-
Filesize 16KB
MD5 83bb56271a23024ab4f128bf778f499c
SHA1 dd235aad8480b1a2fad5eb560f78ce0a06480bc8
SHA256 d7324bbaa6d71ba04273d20208b706f50412f14bd15c7a7eaa3912f5f32eb317
SHA512 fd28dbe6efebfb756d758a31c28138711952fa2edd4ccb59764296b433e53574eaaa57d3e7b30e5253578fe8cab33867c14333911bf97c60f2e0723a42642a3e
-
Filesize 16KB
MD5 5dbb951220c8b98769b092ee3e5fa3ab
SHA1 a428a4d7d4906a778a1cdf38d2766ad2e18c2217
SHA256 736152e4546bff7ede6ff634e98e3fbc29dfeb1f1f29ec5d5fffb034e916df42
SHA512 2b4dd22af783977d431e869e3fb40e3d8b2f9d2cf3c9f0367da96784f81d8762d099c3cc06b4f036e853d0687035741deccffffb8025fcd12acec743159a8add
-
Filesize 16KB
MD5 0395a35109ed11aaadbf6561e2f05f3f
SHA1 181e9d9cecb8610129f307076f4c90a4cdde33ad
SHA256 a64131cb36b9ac6e9df65e2c0752f653349e4a334d9951f21213936199e2f5a5
SHA512 43d1ca5eccf29344512bf83ef8eca428c5fffb0f64747d5270774aa6fbf3ac3c32e0353226957089218e16694365ab7900c1f29ee0503781528d634e51f96078
-
Filesize 16KB
MD5 04b0245c06dfe3a1ce6f79983b99fa01
SHA1 46f02bed04675311271930d622a6f7c0b9d39bf2
SHA256 4e732b9cf42237e6a35c2016074ae9a672567033ca811afdcf08d595d6ad6f8e
SHA512 9d4f13c4ab0939b439e183f16265b2a8c0b6e0fa258df5f0be9a94ecef44e56cdf59bb0d6d383c3cdbff7852ca98ec1c93a06bd267c2ba9470ba8baf4a22b252
-
Filesize 16KB
MD5 98edc9c1a8068677b71c14bf498f2433
SHA1 e5d632fd06be8c80950f5196682e9d5bebfb3d46
SHA256 3c6b321d253112500338bcdf9c380d93d9b9868dc6658b3998dab31b015045e4
SHA512 2f3141846392b920b779e96ad635d4ed2e44ebfc55cdc45008ca3777cff592b305dc34db0ee89cbcdd2da2ef4c4150c1474992ce6ce9280c4294aea94542c6bc
-
Filesize 16KB
MD5 edff9fc71218aff3b4c9e1b8786cbfed
SHA1 a7b85649e82dce122ed595c62715af6c2020400c
SHA256 6176fa10a48bf998bed4a5ba8adfa1f11e4ecd09c17ff3b1e028ee89c5e92a79
SHA512 c139c30065063b0c486fb4a3b76cc2f676d88d2b8fbd7d71728ddb92b74a25a2b0e0e3848f981c740e8527f9fab0226f4a234a2ac9dae2628f17268a7a777267
-
Filesize 16KB
MD5 a9770c268ccce799ebfdeade9ee38d76
SHA1 1465809bb0138dd260e47135058a3a18225e016b
SHA256 2f2be3775cce34672be3505180492ab9c5ea60c829ec3cd57d7c4be0b413c2bf
SHA512 a0fd6131c28a84bf17be0249fd15bcff73df7bafa2b9cc159adc45e29e79a7d438e1062f6d68ad1634b084e2b2ec7b5901370e4d23e0dd5ce0c5f4c6a4033561
-
Filesize 16KB
MD5 2ca148464ad22fea097073ccbe4ed891
SHA1 e23f3e08c5852b52c1e554bfc6446367996007ce
SHA256 987a3b60f443c44d5f69e605bddb389edd1ecc7697db008e5db549cacc678ed9
SHA512 cc34e2cd04345a8a1da47f6286f8c150f696c79bf37412a26bb9c4470ec3fff29257629e4086a04ec79364a98164f1f2b18dbcbff0694b2f78058f9e90497f6b
-
Filesize 16KB
MD5 43a087d5327364b0400ea4a0ad61078e
SHA1 4419cad722d8db07e49a9eb08668e7ce3c1b4cac
SHA256 b6d69c27306d59485a3528faf66c42b0d2163e87c1f4e2107dec9b26d4f5fc3e
SHA512 856e0bddeb389cf3c19f4c14e3bf78fe18f4948b6de6939acea2b90956402d85d9bf9f570aae693f16b7901d95432934ad2d310879a742de9ef20ddad210b6e3
-
Filesize 16KB
MD5 019732c9f1bbf0e468f7bc3276fa42e9
SHA1 32e7ba523bc6046aa9d1bce5731dbbf854fd48d7
SHA256 72f90f8fffc058112d648ce6e359425234cadcc865a2bcafd59567aa85651eb4
SHA512 6b85637d56e7d59a5d31cb418d0fc757f3734f716bdb4b65453ecb1e58248f0a65ff9e59afaa6e8e3a181fea7c61fa168b2e43cd8a86fa401224d438044b5ac2
-
Filesize 16KB
MD5 02424637585ce5009e62e51f591bc367
SHA1 ef79a3ef98e88482045bce45c7991b4ac97abcb7
SHA256 7ab71c28633cde41124dff3a2e6ada5b458b563d05e8ae4918973c71e24b15da
SHA512 e36119635ef70c2585c83abb14559ac50502fd822a4ad7e543b4cb1b60fa8f7d0c74e249e35ecc788cfb239b2f8d75297c2e8e183a6c219e061102aeb200ae97
-
Filesize 16KB
MD5 d046dc1b559f27c1cd671bb2d59c878b
SHA1 0f3b24cd25878c1dd69cbde0c8615e39900e5646
SHA256 43eb99ded3e817d5802de3529121fb74f1e63ec61a30b2e55c08846ab60e081b
SHA512 8bd63cf3038a02d420a73df53425a914a6252eb68b3144a9290471107b56a34fcd40b8bebadd2643242f1718285e4e872706a74d10854c7c180252b1b2731163
-
Filesize 16KB
MD5 0d4bf78bf55f6c729faa5f1a23dc2d2b
SHA1 0f1875ae887779f178e57fac7107e6156317627c
SHA256 81b9868040a771c3c1f739a815cd7b3a101fdf2f38373170dd74a42c0c06c950
SHA512 996dd2cf53595ac1579a7d089e069e3cf0e067c1eb88fc1fd1604360beb88cfe7d210a77d227437131cb512f0e69226e0d13838a354ebc611e74dc7c7c462ece
-
Filesize 16KB
MD5 a65d104ea9217857104d965d5cb290b2
SHA1 62e23325b9b119cf8131ebaf8e7ee7a772fdf206
SHA256 cee34b07ea9436cbf4c47a2d4310fc677bf9fd5f4d6dc70a5ca0878f675b18e8
SHA512 8ef593333f181c319c1f0dc34e4908259f709d6d67c7a408866fb8add24b8f6625b61c8880f66f0c8948f3962cfe5ce7334cf830bd96551dad709ae87b205c94
-
Filesize 16KB
MD5 3b0c8cf241fb330fc7515c1b69e046e4
SHA1 5c1024ef52e8aacae7c1f3c105144616a4840529
SHA256 3640bf1f76ee56a8e3e291df1721d61f6353cc58c6d910fb52ae41819a192d4c
SHA512 e01e07361d43ff51647bfe99a367a9cc6c26030b8f5112c2ee55a0219fa3940efe85bcf63f39adf4061c1ee74e2a74df1aa840c14de2dfa3721f2b00e666341d
-
Filesize 16KB
MD5 b507f6cee172aaa7e22f18a6543913f7
SHA1 d0edec3b3a873187064f548a6fa017a5cce5fef4
SHA256 5cde4e9f99334097300ccbfcdb427e4758de23dca22761675666c785ec6220b4
SHA512 bfb2fa719c06fb6d6bfa896885bcf991214a7710cef7aea2af629ca7325453f3ba566dad085b984268de4d3e7688e631ac9404831d9f526d938906ba4860ad39
-
Filesize 16KB
MD5 5272192898f2d41377e3b013244888a2
SHA1 b55069f9c50fdc4eb7bb7dc71017e92e4d62d059
SHA256 81041da4daf6745d124c2822670d09f2689d9ef82111e24728ced134101bcc38
SHA512 9dcb001689bd1707f0cdeba5b8eaa3c2bd3922f2b62c397ca3be1e8a35aba590ff3189bb4c33c481ab5f3585c5fa5174e434426adba5543c024ee123d4832e54
-
Filesize 16KB
MD5 d4c0bb220f366eac0a915ab64439c2fc
SHA1 15a942fd7e5f78310198247a4b988ebf1e6499fa
SHA256 2fd61ba4394358e83b3d6f5502c64b5a6a85000c212997abee5c31c4f7f8be4b
SHA512 32a0ab8ac60d36072baf7481b8693f2b3b2b846d6db7b22c661aa14e144e4700e43a3efc2c0dee0405056549eab21c8bf2ed28092bd39b36d93d1062ad16e62d
-
Filesize 16KB
MD5 07448f41c351911df064cea86fe3eb29
SHA1 97fe38b184c01fc461441ca71714460113129b97
SHA256 4bccfa9a7fd663af8db2283aa1e67e355d1d01730768d3e67f278f0205ef10f7
SHA512 6da8caed51d5c6546e4a65275b82763b3ceef7fc92f4de0c06bd8a991ea80e17bc2a2e7024a2636cef808abff0ad922fd53fd75c3deeddb99c2a7116474701ca
-
Filesize 16KB
MD5 bda02b5cadd9634d0d3ea2973fc07dd6
SHA1 f48610e8aa4372c366dc60f494a0d14c264fe615
SHA256 617dfd0175769142152216c8d2241398798437c481d07c3b1a64dfc9b55c8500
SHA512 871fd764d313447ac2e9a3d1ae66f69837072ae683e97c00fe0d79afa723051f6c5a66dc8ab29b854af4017a7326837f2abc7aaf777ebf7aeaf2aaf0887229b9
-
Filesize 16KB
MD5 7d6416081724ea4d01c6eebb4798db38
SHA1 f7c9671b19f8fcdbdf99294fb75bb17406bbe8d4
SHA256 c52e83432798d47b0b9c4603fdd99722cf182af27a8b64eef017f917a1f0f7c9
SHA512 5d5e185b60760c33d3f4d0553f09fa8010820e43081739a305047b360af42a59596ed71e84cff651e0420f6abb9cef262c136b38d31446367b18bdbf890b8158
-
Filesize 16KB
MD5 dec048fd4c91ec3b633f03ed18226f8e
SHA1 8d13a5a6599014f218c29cea5cdc8a3ae22d1dd3
SHA256 aff77fcf114bccefcc0099266f6d9a46288e3714cb1f5f1aacdc56e9c50ff243
SHA512 0b5e4b69c69d8384cb1edc248b1e08942117a1032976be3adf5379c7eb6846b797c8a426abeaac02460aa1c6a77f830b4d3dd7815f81d61753762678bf359af9
-
Filesize 16KB
MD5 b4a3f506360e2e7c14305fc9a2a96bfb
SHA1 d0eb8d8c7e5cc8e7dae0fa6b9461ab2670fb3741
SHA256 6930f73fb5f562b8e803331bc6df99f0ee49410483777c90368533a75f837e8c
SHA512 245c296898ed8ff38d11ff12d4f130f06654b208fdb44c230f0c4e2286e56a4845962d76a204dadf8f2c0ede4a8d8296135d58049ce156c458e7255591f4c66d
-
Filesize 16KB
MD5 d6ffaee7ae24323c056fddc9fd2b2161
SHA1 f0833c6f83c002f5ed9dc1d7c7a692dbf574ca79
SHA256 7b9f8718e3d78ddca3ac18ed7f6070ef5e467dfcde770d65a645d728c40e55d3
SHA512 8bd9d27d8ccd4173e981f3c1a311e235f9307a8cf587f6e754bbb0c4485f9059dccc43f85de40352dcac3f623cf864ad6898ac022ce85e04e1cb55edd3d1dc26
-
Filesize 16KB
MD5 b3dfdc584bccdf0a7e07b20d0816082c
SHA1 2339151f16fa02dae7cbcd7e1ab49f0789e71382
SHA256 76a4ec04f35410511463209f0c8654f587360e19743368239eb769e340444f43
SHA512 e549911d59ac4b95863896b7c62c254ef3a096c3cb55c559c432599dc46143b0b17b56bed68f870556a98c0e2737505d0480eb8ddf4adf99de57371afddfe9ff
-
Filesize 16KB
MD5 ec59045d360265086f4986882837bc45
SHA1 804b64a24b1fa14e2094f91a3bf1214ee1f4667e
SHA256 3f7ed36807d7504522f2853eb24395bac2d87e440d148293a4e2c50888183069
SHA512 3d5649d396f1a7987ee04067a5355e74b7c444355d7c1a0aae35844e0b05b80cf39ec06a2cf05acce8b5ae80d8538e133b84f8212d855c004758ced49df55f4a
-
Filesize 16KB
MD5 efbba7b238233767c4039e9f4bb81ecf
SHA1 31c45897d21126827607d9cbd5a3f7f581621035
SHA256 d630e4fde7163a5955c58f58e9f1aae5380d810a2383c29f697192cdd653b955
SHA512 a1356e4b7dbdae42659795eb84d0e83ee1a34e900223d942cf1e097cb1d36145b20a8a7e63ead56690d3b2f2be968bde3b871a383c2ed250479302bcb2cef6e0
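Added example (not part of the sandbox report): a Python helper for checking a retrieved dropped file against the Downloads table above before handling it. It parses one entry as it appears on this page (tolerating the extraction artefact where the label is fused to the hex, e.g. `MD5c0cd...`), validates each digest's length for its algorithm, computes all four digests in a single pass over the file, and reports which algorithms disagree using a constant-time comparison. The report entry embedded in the block is the first Downloads entry copied verbatim; the `b"abc"` input used in the usage is a constructed test vector, since the dropped files themselves are not on this page.

```python
import hashlib
import hmac
import io
import re

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Matches both "MD5 <hex>" and the fused "MD5<hex>" form seen in this page's Downloads table.
_HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]+)$")


def parse_report_entry(lines):
    """Turn one Downloads entry into {'md5': hex, 'sha1': hex, ...}, checking digest lengths."""
    digests = {}
    for line in lines:
        m = _HASH_LINE.match(line.strip())
        if not m:
            continue
        alg, hexdigest = m.group(1).lower(), m.group(2).lower()
        if len(hexdigest) != HEX_LEN[alg]:
            raise ValueError(f"{alg} digest has {len(hexdigest)} hex chars, expected {HEX_LEN[alg]}")
        digests[alg] = hexdigest
    if not digests:
        raise ValueError("no digest lines found in entry")
    return digests


def digest_stream(fh, chunk_size=1 << 20):
    """Compute md5/sha1/sha256/sha512 in one read pass (files here are up to 14 MB)."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def mismatches(actual, expected):
    """Algorithms whose digest disagrees with the report entry; an empty list means a full match."""
    return sorted(
        alg for alg, exp in expected.items()
        if alg not in actual or not hmac.compare_digest(actual[alg], exp)
    )


# First Downloads entry of this report, copied verbatim as extracted (labels fused to hex).
REPORT_ENTRY = [
    "Filesize",
    "14.0MB",
    "MD5c0cd6991dc5109023f9eb3b83eab9699",
    "SHA1cd768c1f0281c57857f8357b00546382b1bc48cb",
    "SHA256052a771da683f5c34ab3341b3b9c5c0627bf8169139f7f6669a757e443490904",
    "SHA5125238ba5afd83c64887c22b930f30ccb753eb0be7836794cd6b8b4250f460e9ef43ad6a6b72fa2e9f1503d5790b171a5bc9f5665ba0ec8e034c0175e98cb99bbc",
]

if __name__ == "__main__":
    expected = parse_report_entry(REPORT_ENTRY)
    # Constructed input: a stand-in for the retrieved file. A real check would call digest_file(path).
    bad = mismatches(digest_bytes(b"abc"), expected)
    print("all digests match" if not bad else f"mismatch on: {', '.join(bad)}")
```

Comparing every algorithm the report lists, rather than MD5 alone, matters here: MD5 and SHA1 collisions are practical, so a file that matches only the weaker digests should be treated as a different artefact.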