Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/04/2024, 08:08

General

  • Target

    ce317d38ba247091d10346da60177c71_JaffaCakes118.exe

  • Size

    3.3MB

  • MD5

    ce317d38ba247091d10346da60177c71

  • SHA1

    05cf0dfd068f987ee69bf6b535a734647b6b865d

  • SHA256

    1a4c51b86f2d5a1537986382255170cbdfca2f7a28546a17f090f80cef5076d7

  • SHA512

    956f23032a9dac5f8adb6cea90048f09b98574f9171d3b169cdb489acc56c0b965bb62e2fb01c80a3e45a1611fc83a736f68cb9210b69a839293b86307badc80

  • SSDEEP

    49152:qwaIxkm0TfwaIxkm0T3waIxkm0T3waIxkm0T3waIxkm0TY:JHXXXF

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce317d38ba247091d10346da60177c71_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ce317d38ba247091d10346da60177c71_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Users\Admin\AppData\Local\Temp\ce317d38ba247091d10346da60177c71_JaffaCakes118.usa
      C:\Users\Admin\AppData\Local\Temp\ce317d38ba247091d10346da60177c71_JaffaCakes118.usa
      2⤵
      • Executes dropped EXE
      PID:2104

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\UsaShohdi.asu

    Filesize
    3.3MB

    MD5
    ce317d38ba247091d10346da60177c71

    SHA1
    05cf0dfd068f987ee69bf6b535a734647b6b865d

    SHA256
    1a4c51b86f2d5a1537986382255170cbdfca2f7a28546a17f090f80cef5076d7

    SHA512
    956f23032a9dac5f8adb6cea90048f09b98574f9171d3b169cdb489acc56c0b965bb62e2fb01c80a3e45a1611fc83a736f68cb9210b69a839293b86307badc80

  • \Users\Admin\AppData\Local\Temp\ce317d38ba247091d10346da60177c71_JaffaCakes118.usa

    Filesize
    83KB

    MD5
    fd9dfa6958a6dbc6cbd249b1cb79ca03

    SHA1
    f6c3eb801512814d745d5b4678f03cc542118850

    SHA256
    fc25d24b2f847b6403e5f9793562050dd8d8cd2d1726544a18ce14b387a4a3da

    SHA512
    e1e679fee0e7f85eebc6917a4220b80b3b2b4f6d2ce0f5c2e6f017e1075723555f5e5c467cb800576ddef0e33ca4e73aadab64add09e0eacb9d97fb54a9a87b8