124d8223377941420b9dd05fd9006b900b501c86908da2b665a15d088375f1bc

Analysis

max time kernel
144s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe
Size

649KB
MD5

0462226fc355fb6c9b0a3c7ba0f0810a
SHA1

ef571b01aa677063321a417e248f7af754b13f48
SHA256

124d8223377941420b9dd05fd9006b900b501c86908da2b665a15d088375f1bc
SHA512

9ca3269248616e86bbe215258d53ab6b21ae70e220dd1f1e0f6b8b2b31db568d0a887a9f27d042d8da32ef86e558ac65cb747ab3ccfaa07c10fe6589dcfabe15
SSDEEP

12288:L0isZsn8vFAJmLPaJfl+Ed7dt4AHNQURii03iKuimWM3FEPl:L0JZhF6zJfF70mOUZSut6l

Score

7^/10

spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1048-7-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-6-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-5-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-1-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-93-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-95-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-94-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-97-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-116-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-118-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-138-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-137-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-139-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-143-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-150-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-153-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-154-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-155-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-156-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-157-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-158-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-159-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-160-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-161-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-162-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-165-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-163-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-166-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-167-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-169-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-171-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-173-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-174-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-176-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-175-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-177-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-178-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-179-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-180-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-181-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-182-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-183-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-184-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-189-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-188-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-190-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-191-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-192-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-193-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-194-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-195-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-196-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-197-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-198-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx
behavioral1/memory/1048-199-0x0000000001BF0000-0x0000000001D31000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

Processes:

0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

description ioc process

File created C:\PROGRA~2\is259399601.log 0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File created	C:\PROGRA~2\is259399601.log	0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

pid process

1048 0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe
1048 0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

description pid process

Token: SeShutdownPrivilege 1048 0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

pid process

1048 0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe
1048 0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

pid	process
1048	0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe
1048	0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

description	pid	process
Token: SeShutdownPrivilege	1048	0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

pid	process
1048	0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe
1048	0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0462226fc355fb6c9b0a3c7ba0f0810a_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1048

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ISH259~1\images\Close_Hover.png
Filesize
1KB

MD5
83487401daf307d6c726a479de1ee6f9

SHA1
c173be4937a63672570078b325864c76b28040b8

SHA256
f4f0f59fccd9b87b208b416423797dcfb532472dcfef99bef41a11ea9f6f713b

SHA512
da69729b6682acd1c46587c7c3b4533d9afbcf84c17e55f43798f1fee0097c7a2f39860e6dbc6a9b1cb26dc63d9afab4511071981ad5fd494f36ad9659c56e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399102\bootstrap_42442.html
Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399102\css\main.css
Filesize
5KB

MD5
c4defa8d39bae67d8f65a0db206ce195

SHA1
61c4c8d278c15f4fbcf3d5c471adf796135920b5

SHA256
ac85063553d730cb11945522296d3887dc200fba829024c92bb3c72ce24b4de1

SHA512
8d9565d2ddbb5b9d336b7275f5e3c3398444cd467a162a5831238057855273571991bfe1812c50a5a94446014e15871ba1a42dfc9f3b53e73d31f185acc2b39f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399102\css\sdk-ui\progress-bar.css
Filesize
507B

MD5
abc5fac091a8548789f3e6b4553ef430

SHA1
c02d3c132f87607b7081a7b61fbd48728cc75ee4

SHA256
d482709570c0f9259ccf0ca4569a9ca05b37798910fe650da459b30dd832c845

SHA512
5e01c691a1b4e2e767e73c32bd74866ebe5a61532438c4c222058f832c26901824fe365157f23a3f559de171332b743c9a55f0ae4ce5c004ae24cd906595a2b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399102\images\BG.gif
Filesize
21KB

MD5
e4f15874b7d6a90e64364a02269bc4df

SHA1
63e6ea43b6f890cb00dab260967723730f525cb0

SHA256
1d4313dacef0bbf110c9f7b8bf4035334a6f7c9f2e05caa775aef936e4fb69d3

SHA512
fc707be1c0209b83f4403e95d2c2b67703d68309b6d27842d596c44179980c29e020a639b90956b79e4661c1e82f8ab615a054475c66d855b49669d7f20ebd35

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399102\images\Color_Button.png
Filesize
1KB

MD5
a379d9826c7537e27c3d039e6d816382

SHA1
19fc3f105175fa7b61d91e3217f2f7b56bc752a6

SHA256
ed26660ccbec7a439f5158741892beb9b63d2e7b9c491e359535d2cbce4f4e72

SHA512
cd2b2c5a559968857ff759351d8d5133410be863b97587ef50ea0b769ff46d142e96aedd24eeeb01b0aca55292cf91a86ea9569fa4c3838007a2aa76ab60ae55

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399102\images\Color_Button_Hover.png
Filesize
1KB

MD5
08ffc7fcaf5adc850cc454275a98274c

SHA1
d504fa7e100b7dc379b83a8565b307e6485bf29b

SHA256
28879145d87be92a4ca7896fc60f6eaa81d5baa5d12af34e768e2ad374a8ffa4

SHA512
96639e4bf4cfc9d353c071768f88cc6da7342619c5e19cffcff0e2fd53edae13b49e398ddc51b2d78ef89900f895f2b26172360222e860dcf11ea43560a111bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399102\images\Loader.gif
Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399102\images\icon.png
Filesize
3KB

MD5
b460d82eab7af8ba6e338e351dd0ecdc

SHA1
265b9a3f3c80f40f8534ddcfbf9c1ed61e3b1b20

SHA256
47a4ac193b9bdfe15d0b8a95370823739c2ae4f6ebf2015e1412b880cde6b81d

SHA512
e3add5d91a61da7f64c7860e6303344f37cd49e2fde15c677924d133fec607dfe4ab4d99ec8a3322587b0b186a58e71fcd326e67057a6ff7ef80ad8ed3f0e63e

Download Submit
memory/1048-159-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-166-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-94-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-95-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-93-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-116-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-118-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-8-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1048-138-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-137-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-139-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-143-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-1-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-5-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-6-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-150-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-7-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-153-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-154-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-155-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-156-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-157-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-158-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1048-160-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-161-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-162-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-165-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-163-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-97-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-167-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-169-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-171-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-173-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-174-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-176-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-175-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-177-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-178-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-179-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-180-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-181-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-182-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-183-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-184-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-186-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1048-189-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-188-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-190-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-191-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-192-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-193-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-194-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-195-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-196-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-197-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-198-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download
memory/1048-199-0x0000000001BF0000-0x0000000001D31000-memory.dmp

Filesize
1.3MB

Download