Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-04-2024 04:41

General

  • Target

    0465732316373586268268f28d325cf3_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    0465732316373586268268f28d325cf3

  • SHA1

    febcb9bd1a6ef4a21d102cfa5e29108246431ea2

  • SHA256

    ed24c8b5c6acafadc558815fb293755ab1e9a5e9b06a9e283714f9b6dfd1662f

  • SHA512

    7207d6c6e53d1f72bebbf36c88c1e92a353fced67c70b9928275586b49447409ea721566deef6c3a0bc76f4cc7307448c26d2bf53f261bbd121d3924c75e83cc

  • SSDEEP

    24576:MeQagQTUyowrYUXzUp86bKqMvsOegdiKhgab9MRpu0OA3dzd3l:MeaQT/owrYgzUrbKq4sOeVKhgabib5O+

Malware Config

Signatures

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers commonly target stored browser data, which can include saved credentials, session cookies and autofill entries.

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

  • Checks whether UAC is enabled (1 TTP, 1 IoC)

    Reads the UAC policy configuration from the registry; malware does this to learn whether privileged actions will trigger an elevation prompt.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx (2 IoCs)

    SetWindowsHookEx installs a hook procedure into the Windows message-handling chain; keyboard hooks (WH_KEYBOARD, WH_KEYBOARD_LL) are the standard user-mode keylogging primitive, which is why the call is flagged.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0465732316373586268268f28d325cf3_JaffaCakes118.exe (PID 2832)
    Command line: "C:\Users\Admin\AppData\Local\Temp\0465732316373586268268f28d325cf3_JaffaCakes118.exe"
    • Checks whether UAC is enabled
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access
    • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1
  • Discovery
    • Query Registry (T1012): 1
    • System Information Discovery (T1082): 2
  • Collection
    • Data from Local System (T1005): 1


Downloads

  • C:\Users\Admin\AppData\Local\Temp\8285qekew\gui\3385.html
    Filesize

    5KB

    MD5

    d06291200b55bd103e0cd8da5f68e4e2

    SHA1

    428893cfe349e98b35c4e6cc064ad23401d51981

    SHA256

    8df2d4e4f49162cb5ae0f3a0592e1dd980506a34722520389b6201783b22a27c

    SHA512

    2abbdab91c35b68ec1eaf506e26373a9ab306bbae1bcd514f4a73c6fb46f736ea79ab53102a3a162728a95dbcafb4c9d911933f4ae332a0f20529915b5563a17

  • C:\Users\Admin\AppData\Local\Temp\8285qekew\gui\page_2985_attr_3.png
    Filesize

    13KB

    MD5

    4a79005439d35d27d4ed8e03071b7f0b

    SHA1

    98d037545e791651aff96f0f25422b5728098622

    SHA256

    b9d3f7b2567ac951c75235f3003b9487b2e8e40542174a5f2b371a25ba8cf6f2

    SHA512

    60fa451ed2e2c143026eb8f5ad4adda4b8c458105735b4ccfaf192650a3e33e70d27ca7325d3e805d382e2b3c57c528a6ba5ad30fc69b25f8f0122b8d83be3f3

  • C:\Users\Admin\AppData\Local\Temp\8285qekew\gui\page_2985_attr_46.bmp
    Filesize

    41KB

    MD5

    19cafe521085d306aa66d256bce120c6

    SHA1

    a41ae63f80dc451fb68a34f64aa86867f2cdbd6e

    SHA256

    ce22b3fa0bb7ad842657737c51a287caea2623019fcefbea4906462f49e31894

    SHA512

    936e0ca8f2accfaba11dc190e89ae3d19e2ba0963824e87c24ab7e1cc006cc7232163c90924a1e93abe7d602b64b4b5543544e114d9059ea56b6f28535c8527d

  • memory/2832-0-0x0000000004E20000-0x0000000004FBE000-memory.dmp
    Filesize

    1.6MB

  • memory/2832-103-0x0000000004BD0000-0x0000000004BD1000-memory.dmp
    Filesize

    4KB

  • memory/2832-125-0x0000000004BD0000-0x0000000004BD1000-memory.dmp
    Filesize

    4KB