Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-04-2024 13:59

General

  • Target

    d5b1f4e23072e2544743dc64ab33c304_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    d5b1f4e23072e2544743dc64ab33c304

  • SHA1

    beac8bc4749f468abe100891bef58e77937e6770

  • SHA256

    84ae8fb70597b294f97dc4bb4413cfaafbfefb740950e2f6a52d7b8bed897913

  • SHA512

    e21aa34168270ffbcc5ff0d14395ef58239b45beddd0010044349d7c6e7d6591af5bee0cd4d6b7f3ad9ada214133ba78dc67fa848533d77bd8f790fbb2e82152

  • SSDEEP

    6144:BtfDwsjPThT5zL2780N2vAE+Zmmt0fSoD76GopfGh4U7:B5hVc80N2Ymmt0LDXoNQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3356
      • C:\Users\Admin\AppData\Local\Temp\d5b1f4e23072e2544743dc64ab33c304_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\d5b1f4e23072e2544743dc64ab33c304_JaffaCakes118.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2172
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a55F0.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4760
          • C:\Users\Admin\AppData\Local\Temp\d5b1f4e23072e2544743dc64ab33c304_JaffaCakes118.exe
            "C:\Users\Admin\AppData\Local\Temp\d5b1f4e23072e2544743dc64ab33c304_JaffaCakes118.exe"
            4⤵
            • Executes dropped EXE
            PID:180
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3700

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Program Files\7-Zip\7z.exe

      Filesize

      602KB

      MD5

      73038a20a2f3fad5f4269b5ddc6faed6

      SHA1

      e72ea33459d017c5b2bdeec3e288bd726cb54ca4

      SHA256

      6f0e438fa7197f0e12ca7659804395a438f644615789c931b1d3b68c71acde3b

      SHA512

      9fe32aed4b42d99aae0bc5ae9fa1d5c77e0ad8d49cf98ca2dbcee588f3799f11d132c87153844d96d819d5effbbd0a67974b798b4417ab4b0d90f4cddb93be43

    • C:\Users\Admin\AppData\Local\Temp\$$a55F0.bat

      Filesize

      614B

      MD5

      d973e21a09c2570ceeeff16138f9e5ab

      SHA1

      28ba98bd8db0fc8d74297ef72794d1f49cff8df1

      SHA256

      cdb6411f3f0740e4b1abb11a429bf65ded498674a25e8b3a9338de7467e7792a

      SHA512

      cb3fb2e2fbb4983b81e5aeda57bd1db3926450c3f8ffbed649ed7e493532b8c4caed4abcf9cf887cf0306c2c1cc6a63fd99c1012b11fe9ddd489603b28035f19

    • C:\Users\Admin\AppData\Local\Temp\d5b1f4e23072e2544743dc64ab33c304_JaffaCakes118.exe.exe

      Filesize

      191KB

      MD5

      1650874a0337b8776e5f92791f26c709

      SHA1

      a536423256becc7fa873a5af70ad0ac6f053312d

      SHA256

      2b8f77719ff7528fc7147d381d98f0171390b94b85f84f9b4483e9322f140726

      SHA512

      05e76d7d107e7b8d1c9ee6f68f824a0c04a6658e994aa44f86d08aba38e641bba06dfc3668160d0f55625f784e263fe3010231f0a0c76d637b378622662147db

    • C:\Windows\Logo1_.exe

      Filesize

      58KB

      MD5

      900ef496519cb93a3f999271aaa82b9c

      SHA1

      0796f29248d0c314cb35a374df833ac2d3516750

      SHA256

      65f5ab8d24cce61bbee3c3629a2a4c0ffe6e936d2e37c2a6290f9eaa484fe6d9

      SHA512

      9054049dd534c712d37634e5c0eca3474fd3acf6592ea8fb92403436cd18078fab2f0fedb6bdcbf82b95c586868fddfc6c0b9dba251caa129d6c0ba8958acace

    • memory/2172-6-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

    • memory/3700-223-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB