Analysis

max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 28-04-2024 04:41

Static task: static1
Behavioral task: behavioral1
Sample: 0465732316373586268268f28d325cf3_JaffaCakes118.exe
Resource: win7-20240221-en
General

Target: 0465732316373586268268f28d325cf3_JaffaCakes118.exe
Size: 1.3MB
MD5: 0465732316373586268268f28d325cf3
SHA1: febcb9bd1a6ef4a21d102cfa5e29108246431ea2
SHA256: ed24c8b5c6acafadc558815fb293755ab1e9a5e9b06a9e283714f9b6dfd1662f
SHA512: 7207d6c6e53d1f72bebbf36c88c1e92a353fced67c70b9928275586b49447409ea721566deef6c3a0bc76f4cc7307448c26d2bf53f261bbd121d3924c75e83cc
SSDEEP: 24576:MeQagQTUyowrYUXzUp86bKqMvsOegdiKhgab9MRpu0OA3dzd3l:MeaQT/owrYgzUrbKq4sOeVKhgabib5O+
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes:
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 0465732316373586268268f28d325cf3_JaffaCakes118.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Processes:
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | 0465732316373586268268f28d325cf3_JaffaCakes118.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | 0465732316373586268268f28d325cf3_JaffaCakes118.exe
  Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | 0465732316373586268268f28d325cf3_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
  pid | process
  2020 | 0465732316373586268268f28d325cf3_JaffaCakes118.exe
  2020 | 0465732316373586268268f28d325cf3_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Temp\8285qekew\gui\3385.html
  Filesize: 5KB
  MD5: d06291200b55bd103e0cd8da5f68e4e2
  SHA1: 428893cfe349e98b35c4e6cc064ad23401d51981
  SHA256: 8df2d4e4f49162cb5ae0f3a0592e1dd980506a34722520389b6201783b22a27c
  SHA512: 2abbdab91c35b68ec1eaf506e26373a9ab306bbae1bcd514f4a73c6fb46f736ea79ab53102a3a162728a95dbcafb4c9d911933f4ae332a0f20529915b5563a17

C:\Users\Admin\AppData\Local\Temp\8285qekew\gui\page_2985_attr_3.png
  Filesize: 13KB
  MD5: 4a79005439d35d27d4ed8e03071b7f0b
  SHA1: 98d037545e791651aff96f0f25422b5728098622
  SHA256: b9d3f7b2567ac951c75235f3003b9487b2e8e40542174a5f2b371a25ba8cf6f2
  SHA512: 60fa451ed2e2c143026eb8f5ad4adda4b8c458105735b4ccfaf192650a3e33e70d27ca7325d3e805d382e2b3c57c528a6ba5ad30fc69b25f8f0122b8d83be3f3

C:\Users\Admin\AppData\Local\Temp\8285qekew\gui\page_2985_attr_46.bmp
  Filesize: 41KB
  MD5: 19cafe521085d306aa66d256bce120c6
  SHA1: a41ae63f80dc451fb68a34f64aa86867f2cdbd6e
  SHA256: ce22b3fa0bb7ad842657737c51a287caea2623019fcefbea4906462f49e31894
  SHA512: 936e0ca8f2accfaba11dc190e89ae3d19e2ba0963824e87c24ab7e1cc006cc7232163c90924a1e93abe7d602b64b4b5543544e114d9059ea56b6f28535c8527d

memory/2020-0-0x0000000002A00000-0x0000000002B9E000-memory.dmp
  Filesize: 1.6MB

memory/2020-103-0x0000000000D60000-0x0000000000D61000-memory.dmp
  Filesize: 4KB

memory/2020-149-0x000000000B420000-0x000000000B440000-memory.dmp
  Filesize: 128KB

memory/2020-166-0x0000000000D60000-0x0000000000D61000-memory.dmp
  Filesize: 4KB