ed24c8b5c6acafadc558815fb293755ab1e9a5e9b06a9e283714f9b6dfd1662f

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0465732316373586268268f28d325cf3_JaffaCakes118.exe
Size

1.3MB
MD5

0465732316373586268268f28d325cf3
SHA1

febcb9bd1a6ef4a21d102cfa5e29108246431ea2
SHA256

ed24c8b5c6acafadc558815fb293755ab1e9a5e9b06a9e283714f9b6dfd1662f
SHA512

7207d6c6e53d1f72bebbf36c88c1e92a353fced67c70b9928275586b49447409ea721566deef6c3a0bc76f4cc7307448c26d2bf53f261bbd121d3924c75e83cc
SSDEEP

24576:MeQagQTUyowrYUXzUp86bKqMvsOegdiKhgab9MRpu0OA3dzd3l:MeaQT/owrYgzUrbKq4sOeVKhgabib5O+

Score

7^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

0465732316373586268268f28d325cf3_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	0465732316373586268268f28d325cf3_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

0465732316373586268268f28d325cf3_JaffaCakes118.exe

pid process

2832 0465732316373586268268f28d325cf3_JaffaCakes118.exe
2832 0465732316373586268268f28d325cf3_JaffaCakes118.exe

pid	process
2832	0465732316373586268268f28d325cf3_JaffaCakes118.exe
2832	0465732316373586268268f28d325cf3_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0465732316373586268268f28d325cf3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0465732316373586268268f28d325cf3_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:2832

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8285qekew\gui\3385.html
Filesize
5KB

MD5
d06291200b55bd103e0cd8da5f68e4e2

SHA1
428893cfe349e98b35c4e6cc064ad23401d51981

SHA256
8df2d4e4f49162cb5ae0f3a0592e1dd980506a34722520389b6201783b22a27c

SHA512
2abbdab91c35b68ec1eaf506e26373a9ab306bbae1bcd514f4a73c6fb46f736ea79ab53102a3a162728a95dbcafb4c9d911933f4ae332a0f20529915b5563a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\8285qekew\gui\page_2985_attr_3.png
Filesize
13KB

MD5
4a79005439d35d27d4ed8e03071b7f0b

SHA1
98d037545e791651aff96f0f25422b5728098622

SHA256
b9d3f7b2567ac951c75235f3003b9487b2e8e40542174a5f2b371a25ba8cf6f2

SHA512
60fa451ed2e2c143026eb8f5ad4adda4b8c458105735b4ccfaf192650a3e33e70d27ca7325d3e805d382e2b3c57c528a6ba5ad30fc69b25f8f0122b8d83be3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\8285qekew\gui\page_2985_attr_46.bmp
Filesize
41KB

MD5
19cafe521085d306aa66d256bce120c6

SHA1
a41ae63f80dc451fb68a34f64aa86867f2cdbd6e

SHA256
ce22b3fa0bb7ad842657737c51a287caea2623019fcefbea4906462f49e31894

SHA512
936e0ca8f2accfaba11dc190e89ae3d19e2ba0963824e87c24ab7e1cc006cc7232163c90924a1e93abe7d602b64b4b5543544e114d9059ea56b6f28535c8527d

Download Submit
memory/2832-0-0x0000000004E20000-0x0000000004FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2832-103-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

Filesize
4KB

Download
memory/2832-125-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

Filesize
4KB

Download