Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-04-2024 19:56

General

  • Target

    e5bc336d5b167e228a26db807d9cf966_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    e5bc336d5b167e228a26db807d9cf966

  • SHA1

    949c073fd60ff6a226083c5a6cc10f0a7bf5a192

  • SHA256

    ed23ac10b6f0076beb4e32dbecf2823c464382bda0659c94bbb1d9ef7b5185cc

  • SHA512

    6c05ada48158d79306459be4877cf6599e8992f06fa43fff668aeb4517e67466910d7296e356db0f4bf8753ccd20b43360a99198608b30b0a7afd8bcacf345c9

  • SSDEEP

    49152:k/fwhofLeH4si17tnyKl6ZAZ5a0mLTqOrX:kwhweHxiUMaxD

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5bc336d5b167e228a26db807d9cf966_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e5bc336d5b167e228a26db807d9cf966_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3376
    • C:\Users\Admin\AppData\Local\Temp\e5bc336d5b167e228a26db807d9cf966_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\e5bc336d5b167e228a26db807d9cf966_JaffaCakes118.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_133819fa0"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3588
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3776 --field-trial-handle=2232,i,9772508353233483703,11473701862007458502,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:1516

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pkg_133819fa0\autorun.txt

    Filesize

    122B

    MD5

    e317442ded8f447389930f66a506f6c7

    SHA1

    5cce6656d3ceb4189c3a1d8c64f45fce9600793d

    SHA256

    ee5211978916035d08e22e7dac501d752dacd728ec5206b8face8dc014848cc9

    SHA512

    b1d72ecf7e73ca9c1adfc732f7b38479b9039d344611cd14dd9f32d99bbb5748d6acd4845008eb2bce1203e12b8e18cfa4860f5344088ddb1f4d0f509c017453

  • C:\Users\Admin\AppData\Local\Temp\pkg_133819fa0\wrapper.xml

    Filesize

    798B

    MD5

    1d45a29e3511b982a1f91b33c70e964f

    SHA1

    176a47b489be3f27dc354a2b9dd0b580bb2f3904

    SHA256

    0a69c29fe16727b18425df8ded1cfe9d07a380b9f23f1beb32f60fefc000b3dc

    SHA512

    c574719f56a9cc0a3c393001f0774a5826afa5972906d9d9d214a183724a9f7226483a7181a0030e0f801b481a19957761efc170a10850aec786623eb939eb69