85f7a009f0f9e0d9bf057edc24bf584eb08349cec1818588d3a61106dbd2ab99

Analysis

max time kernel
143s
max time network
148s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 22:21

Target

06332c76bab3c4b5b15158f41f92b3b8_JaffaCakes118.exe
Size

2.6MB
MD5

06332c76bab3c4b5b15158f41f92b3b8
SHA1

8d837c4126ee98e94c5664d4f17bfe69389da8a5
SHA256

85f7a009f0f9e0d9bf057edc24bf584eb08349cec1818588d3a61106dbd2ab99
SHA512

846451df9130c85168e4e0d057a92b74bd025e77536734ce828d1a3ee6d68b3f488ea2c318eccb32a917d47b5157d155e229ea8a238bf495017a59f545614a0f
SSDEEP

49152:Pmxak0hQbAzDlk5G/xYmBvclEJZPIZwjnHTow5OiW8CtQw8j+DdT9jOotbgJSr3n:+k5GbA9hv8EJdboH3mml6iqN

Score

7^/10

spyware stealer

Loads dropped DLL 1 IoCs

Processes:

06332c76bab3c4b5b15158f41f92b3b8_JaffaCakes118.exe

pid process

1740 06332c76bab3c4b5b15158f41f92b3b8_JaffaCakes118.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

06332c76bab3c4b5b15158f41f92b3b8_JaffaCakes118.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

\Users\Admin\AppData\Local\Temp\cd.dll
Filesize
692KB

MD5
8b9e960ba4971deedbc8f141ea20e58c

SHA1
194307d3493b723dde50ee65a069bf702353b3dd

SHA256
fb637cf304db7a39a7474cf222789fc9560a69334ec1871accfb476790975e4e

SHA512
9b2fafffb40db5fdef41fe77c3b9424ae8d54c2258a526b7abd013d4058388a41397ceb7d5621e60991771908385b6b9228a31a7369c60a17e48e234685e4ada

Download Submit