Analysis
max time kernel: 141s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-04-2024 22:01
Static task: static1
Behavioral task: behavioral1
Sample: fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe
Resource: win7-20231129-en
General
Target: fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe
Size: 1.0MB
MD5: fb42a4d9e7a418782eacac2efeeb9acb
SHA1: cc5a54f5b8cc11ebc3f45f1d734d2f5fa821e77a
SHA256: 97880ddd0dd524ff9c3bc68832b2db68c26619c7e923c4cf697b05cdac0b0e7e
SHA512: 063b3d9f0f9cd0d56eff2dc2c2504c3ac51a57cfbd75ee2b901508b48e9a0f61b3ef4a20fffd13376a31006644fa76f9640306f57a76d2446ca56584bad95180
SSDEEP: 24576:tfQYosxhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRt+Gn:To54clgLH+tkWJ0Nb
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials.
- Looks up external IP address via web service (3 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP. On its own this is a weak indicator, since legitimate software queries the same services; it matters here in combination with the browser-data access above.
  flow  ioc
  5     api.ipify.org
  6     api.ipify.org
  14    ip-api.com
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  The sample walks the list of running processes.
  pid   process
  2104  fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe
  2104  fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  The sample enables SeDebugPrivilege in its own token, which lets it open handles to processes owned by other users regardless of their DACL.
  description              pid   process
  Token: SeDebugPrivilege  2104  fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe"
  PID: 2104
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4292 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
  PID: 2244
Network
MITRE ATT&CK Enterprise v15
Downloads
Files written by the sample during the run. Both sit under two hex-named directories in %APPDATA%\Roaming, and the Browsers\Passwords\Passwords_Edge.txt name corroborates the browser-data signature above.
- C:\Users\Admin\AppData\Roaming\078BFBFF000306D2A4B55DEC13\13078BFBFF000306D2A4B55DEC\Browsers\Passwords\Passwords_Edge.txt
  Filesize: 426B
  MD5: 42fa959509b3ed7c94c0cf3728b03f6d
  SHA1: 661292176640beb0b38dc9e7a462518eb592d27d
  SHA256: 870ef3d2370932a8938faa60abd47d75ea0af98bfa11c82ae8efe9e94fd8be00
  SHA512: 7def291737d081c93d0cc38ac8d3062fd34d93b68d191eb0d54e9857e0c0afdbcd241471a2e10c28ce8db3b1d1ae0dba2ef6f609cfe8a1e8fe1dd103dba80007
- C:\Users\Admin\AppData\Roaming\078BFBFF000306D2A4B55DEC13\13078BFBFF000306D2A4B55DEC\Grabber\RestoreMove.doc
  Filesize: 1.2MB
  MD5: 5718256fc3b55527bea1438ace5eb9a2
  SHA1: 67a35429722144a32e95ed202bde1c86ff568b0b
  SHA256: dbfd28412b21881507ccb928eb4e02971fe93491a03cfc1b91cef6ed521f1554
  SHA512: e06f8e10e094c950b18a4528860c80ebcce1510abf5b16896ebfbdf86eead3cd2f57104eb60b69cea8fa3c9b486992433002b93aa653b279b660aa549fb8dd68
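The following is an added triage helper, not part of the sandbox report, that turns the indicators above (the IP-lookup domains under Signatures and the dropped-file paths and hashes under Downloads) into something that can be run over endpoint telemetry. The event records are constructed for the example in a simplified "kind|host|image|value" form; the two hex-named directory values are assumed to vary per victim, so the path pattern keys on the directory layout rather than on this run's literal names.

```python
import hashlib
import re
from collections import defaultdict

# Indicators copied from the report above.
IOC_DOMAINS = {"api.ipify.org", "ip-api.com"}
IOC_SHA256 = {
    "97880ddd0dd524ff9c3bc68832b2db68c26619c7e923c4cf697b05cdac0b0e7e": "sample exe",
    "870ef3d2370932a8938faa60abd47d75ea0af98bfa11c82ae8efe9e94fd8be00": "Passwords_Edge.txt",
    "dbfd28412b21881507ccb928eb4e02971fe93491a03cfc1b91cef6ed521f1554": "RestoreMove.doc",
}
# Assumption: the two hex-named directories under %APPDATA%\Roaming differ per
# victim, so the pattern keys on the layout (two hex directories, then a
# Browsers\ or Grabber\ subfolder) rather than on this run's literal values.
DROP_PATH_RE = re.compile(
    r"\\AppData\\Roaming\\[0-9A-F]{16,}\\[0-9A-F]{16,}\\(Browsers|Grabber)\\",
    re.IGNORECASE,
)

SAMPLE = "fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe"
DROP_DIR = r"C:\Users\Admin\AppData\Roaming\078BFBFF000306D2A4B55DEC13\13078BFBFF000306D2A4B55DEC"

# Constructed records, not real telemetry: "kind|host|image|value", where kind is
# "dns" (queried name, cf. Sysmon event 22) or "file" (created path, cf. Sysmon event 11).
SAMPLE_EVENTS = [
    f"dns|WS01|{SAMPLE}|api.ipify.org",
    "dns|WS01|chrome.exe|www.example.com",
    "dns|WS02|svchost.exe|ip-api.com",
    f"file|WS01|{SAMPLE}|{DROP_DIR}\\Browsers\\Passwords\\Passwords_Edge.txt",
    r"file|WS01|WINWORD.EXE|C:\Users\Admin\Documents\report.docx",
]


def scan_event(line):
    """Return (host, image, reason) when a record matches an indicator, else None."""
    kind, host, image, value = line.split("|", 3)
    if kind == "dns" and value.lower() in IOC_DOMAINS:
        return host, image, "ip-lookup:" + value.lower()
    if kind == "file" and DROP_PATH_RE.search(value):
        return host, image, "drop-path:" + value.rsplit("\\", 1)[-1]
    return None


def scan_events(lines):
    return [hit for hit in map(scan_event, lines) if hit is not None]


def correlate(hits):
    """Hosts where one image both queried an IP-lookup service and wrote into the
    drop layout. A lookup query alone is weak (legitimate software uses the same
    services); the pair is what distinguishes this sample's behaviour."""
    kinds_by_key = defaultdict(set)
    for host, image, reason in hits:
        kinds_by_key[(host, image)].add(reason.split(":", 1)[0])
    return sorted({host for (host, _), kinds in kinds_by_key.items()
                   if {"ip-lookup", "drop-path"} <= kinds})


def classify_hash(hexdigest):
    """Map a SHA-256 hex digest to the artifact name from the report, or None."""
    return IOC_SHA256.get(hexdigest.strip().lower())


def classify_bytes(data):
    """Hash raw file content and look it up against the report's SHA-256 values."""
    return classify_hash(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    hits = scan_events(SAMPLE_EVENTS)
    for host, image, reason in hits:
        print(f"{host:5} {image:55} {reason}")
    print("hosts with both indicators:", correlate(hits))
```

On real Sysmon data the "dns" and "file" records map to event IDs 22 (DnsQuery) and 11 (FileCreate); the DNS hit on WS02 from svchost.exe is reported but not escalated by correlate(), which is the intended behaviour for a noisy indicator.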