Analysis
-
max time kernel
122s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
06/04/2024, 05:03
Static task
static1
Behavioral task
behavioral1
Sample
dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe
-
Size
265KB
-
MD5
dbf051324f11b212a72360bd87f83cc3
-
SHA1
83468f9b78b07f972a76b05afc6918dc48ad78d3
-
SHA256
abeb6a5732318dc90dda6d05548903746dedc7bb8b453201e8088a609689ddb4
-
SHA512
3e5fc5ceb498969d55fdaaf987bf8f6de04a54ae7538137f5858f0e5d6e2a2661e964941c13708e692c3d42a173d3f80e0596921f0cb81c7ab25022a2669cd94
-
SSDEEP
3072:j4rWioa3blYcDTD/M1RjJxbZ3iQiiMfcFbaTh/INZyXz/8678ib1uMfwaIGrsxnY:jqx35Y6TD0l4ZBVINgXr8M/NZ5WCgX
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid   Process
2460  dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description              pid   Process
Token: SeDebugPrivilege  2460  dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe
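The four signatures above (browser profile reads, wallet file access, Uninstall-key enumeration and enabling SeDebugPrivilege) are individually weak but strong in combination from one process. As an added example, not part of the report or of the sandbox's own signature logic, the Python below implements the same four checks as rules over a constructed, simplified JSON-lines event stream and flags any process that triggers two or more of them. The event shape and field names, the path and registry patterns, and the browser/wallet lists are assumptions for illustration; only pid 2460 and the image name come from the report.

```python
"""Correlate the behaviours flagged in the report (browser profile reads,
wallet file access, Uninstall-key enumeration, SeDebugPrivilege) across
a stream of endpoint events and flag processes that combine them."""
import json
import re
from collections import defaultdict

# Constructed telemetry in a simplified JSON-lines shape: one event per line.
# Field names and the event shape are assumptions for this example, not real
# Sysmon/EDR output. pid 2460 and the image name come from the report.
SAMPLE_EVENTS = r"""
{"pid": 2460, "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe", "type": "token_adjust", "privilege": "SeDebugPrivilege", "state": "enabled"}
{"pid": 2460, "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe", "type": "registry_read", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"pid": 2460, "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe", "type": "file_read", "path": "C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 2460, "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe", "type": "file_read", "path": "C:\\Users\\Admin\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"}
{"pid": 1120, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "type": "file_read", "path": "C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 612, "image": "C:\\Windows\\System32\\msiexec.exe", "type": "registry_read", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ExampleProductCode}"}
"""

# Patterns are assumptions covering common artefact locations; extend as needed.
BROWSER_DATA = re.compile(
    r"\\AppData\\(Local|Roaming)\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*"
    r"(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
WALLET_DATA = re.compile(
    r"\\AppData\\Roaming\\(Electrum|Exodus|Bitcoin|Ethereum|Armory)\\", re.IGNORECASE
)
UNINSTALL_KEY = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    re.IGNORECASE,
)
# A browser reading its own profile is normal; the same read by another
# image is the signal, so browser images are excluded from that rule.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}


def classify(event):
    """Map one event to a behaviour name from the report, or None."""
    kind = event.get("type")
    if (kind == "token_adjust" and event.get("privilege") == "SeDebugPrivilege"
            and event.get("state") == "enabled"):
        return "adjust_privilege_token"
    if kind == "registry_read" and UNINSTALL_KEY.search(event.get("key", "")):
        return "checks_installed_software"
    if kind == "file_read":
        path = event.get("path", "")
        image = event.get("image", "").rsplit("\\", 1)[-1].lower()
        if BROWSER_DATA.search(path) and image not in BROWSER_IMAGES:
            return "reads_browser_data"
        if WALLET_DATA.search(path):
            return "accesses_wallet_files"
    return None


def correlate(lines, threshold=2):
    """Group behaviours per pid; return pids with >= threshold distinct ones."""
    behaviours = defaultdict(set)
    images = {}
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        name = classify(event)
        if name:
            behaviours[event["pid"]].add(name)
            images.setdefault(event["pid"], event.get("image"))
    return {
        pid: {"image": images[pid], "behaviours": sorted(names)}
        for pid, names in behaviours.items()
        if len(names) >= threshold
    }


if __name__ == "__main__":
    for pid, info in correlate(SAMPLE_EVENTS).items():
        print(pid, info["image"], ", ".join(info["behaviours"]))
```

On the constructed stream only pid 2460 is reported: chrome.exe reading its own Login Data is suppressed by the image allow-list, and msiexec.exe enumerating Uninstall keys is a single benign-looking behaviour below the threshold. Lowering `threshold` to 1 surfaces it, which is the usual trade-off between coverage and noise for this class of rule.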
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
129KB
MD5
b53237101787913dd6ff7eb02f5ffd5d
SHA1
3f16f85c2c1214af930a3e028bbaff171d8a9111
SHA256
4dffc0f593549577140448b48664e73ed85801da443c21e888ce40a81beb800f
SHA512
5a8c7f6051b6ee14e3ddc4c369dde48426776f8729385cad3e3f58f7758cf290988d664c63d6af2042cdeedb089c4d8eb3673fa369185dd3d1e1b39697ef7ca3
-
Filesize
46KB
MD5
02d2c46697e3714e49f46b680b9a6b83
SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac
-
Filesize
92KB
MD5
bd46342c69fd0683a51911e8976bf6b9
SHA1
17a2451a41ecaaa03e7634dfd5c534aff30d4ce4
SHA256
f1467f4fb97e82cbb8490d787f2ca113f32fcc94a6d008fffb3ae7e73e5a089b
SHA512
91e7f0bd5acd35b68788d077529b76a54e9bc4875129a2134bfd5ed5e27588cb43fea26a241e184d9170155c961c16bc724e00502f173351ec2df5c9e3cfb32f
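The practical use of the hashes above is a host sweep: hash every file once and compare against the sample and the three downloaded payloads. As an added example, not part of the report or the sandbox, the Python below does that with one streaming read per file for MD5, SHA-1, SHA-256 and SHA-512, case-normalised matching, and a constructed demo directory. The MD5/SHA-1/SHA-256 values are copied from the report; the labels, the directory contents and the planted test file are assumptions (the real sample is not embedded).

```python
"""Sweep a directory tree for the hashes listed in this report, computing
MD5, SHA-1, SHA-256 and SHA-512 in a single streaming pass per file."""
import hashlib
import os
import tempfile

# Hash values copied from the report: the submitted sample, then the three
# downloaded files. Labels are ours; the report gives sizes, not names.
REPORT_IOCS = {
    "dbf051324f11b212a72360bd87f83cc3": "sample md5",
    "83468f9b78b07f972a76b05afc6918dc48ad78d3": "sample sha1",
    "abeb6a5732318dc90dda6d05548903746dedc7bb8b453201e8088a609689ddb4": "sample sha256",
    "b53237101787913dd6ff7eb02f5ffd5d": "download 129KB md5",
    "4dffc0f593549577140448b48664e73ed85801da443c21e888ce40a81beb800f": "download 129KB sha256",
    "02d2c46697e3714e49f46b680b9a6b83": "download 46KB md5",
    "522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9": "download 46KB sha256",
    "bd46342c69fd0683a51911e8976bf6b9": "download 92KB md5",
    "f1467f4fb97e82cbb8490d787f2ca113f32fcc94a6d008fffb3ae7e73e5a089b": "download 92KB sha256",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_file(path, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for one file, reading it only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def sweep(root, iocs=REPORT_IOCS):
    """Walk `root`; return (path, algorithm, label) for every IoC hit.
    IoC keys are lower-cased so hashes pasted in either case still match."""
    wanted = {value.lower(): label for value, label in iocs.items()}
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = digest_file(path)
            except OSError:  # unreadable or locked file: skip, keep sweeping
                continue
            for algorithm, value in digests.items():
                if value in wanted:
                    hits.append((path, algorithm, wanted[value]))
    return hits


def demo():
    """Constructed demo: the real sample is not embedded, so a harmless test
    file is planted and its SHA-256 (upper-cased, to exercise the case
    normalisation) is added to the report's IoC set."""
    planted_bytes = b"MZ" + b"\x90" * 4096  # constructed stand-in, not malware
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "readme.txt"), "wb") as fh:
            fh.write(b"benign content\n")
        with open(os.path.join(tmp, "dropped.bin"), "wb") as fh:
            fh.write(planted_bytes)
        iocs = dict(REPORT_IOCS)
        iocs[hashlib.sha256(planted_bytes).hexdigest().upper()] = "planted test file"
        return [(os.path.basename(p), algo, label) for p, algo, label in sweep(tmp, iocs)]


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Match on any algorithm is deliberate: threat-intel feeds often carry only an MD5 or SHA-1, and for lookup purposes those still identify the file even though neither should be used as a trust anchor.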