Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-04-2024 20:55

General

  • Target

    060d2f52d06e9a813d697e4bf55e717d_JaffaCakes118.exe

  • Size

    567KB

  • MD5

    060d2f52d06e9a813d697e4bf55e717d

  • SHA1

    6b3655fb05561fa3da1de03ea07d39bf71649054

  • SHA256

    5cc2c00b7fd15516238a0289a6a872db9da7f5f27253d0148739c16847e15f01

  • SHA512

    1cb1751279fe66c7946a7768f04be5893c825b6d61aebd0a5f43230ef19c078f262a5f13fd93f68a37846eae10a14c042df098f0f385a1a079ef096d4fc25423

  • SSDEEP

    12288:1b9W3CBwSdIC2EzJwoxZwXbFtGGhGssnfbr9sG2E7xKT62T9mvTjfLT:qCUCbz9ZaPG5znfoENKOFTDX

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\060d2f52d06e9a813d697e4bf55e717d_JaffaCakes118.exe (depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\060d2f52d06e9a813d697e4bf55e717d_JaffaCakes118.exe"
    PID: 2012
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cmd.exe (depth 2, child of PID 2012)
      Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\206.bat
      PID: 2512

    Network

    MITRE ATT&CK Matrix (ATT&CK v13)

    • Credential Access
      • Unsecured Credentials (T1552): 1
        • Credentials In Files (T1552.001): 1
    • Collection
      • Data from Local System (T1005): 1

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\206.bat
      Filesize

      175B

      MD5

      be500df127a4770c4fa7a695cd41529a

      SHA1

      c234dd11e0d4ebd73a6d4f028001d62d69cc2824

      SHA256

      aae8cae540c59ae97490d58e230a406f992db3497df4477f22090abe0883658b

      SHA512

      1aec99e5620e8ccd25786ee11ae4d1c783d5442f229929bb46e3018d581c637b823e6e917ac105fe7bb78901e24423f4bc56d36866e010f8ea611c0240a884fc

    • C:\Users\Admin\AppData\Local\Temp\63615.exe
      Filesize

      567KB

      MD5

      060d2f52d06e9a813d697e4bf55e717d

      SHA1

      6b3655fb05561fa3da1de03ea07d39bf71649054

      SHA256

      5cc2c00b7fd15516238a0289a6a872db9da7f5f27253d0148739c16847e15f01

      SHA512

      1cb1751279fe66c7946a7768f04be5893c825b6d61aebd0a5f43230ef19c078f262a5f13fd93f68a37846eae10a14c042df098f0f385a1a079ef096d4fc25423

    • memory/2012-0-0x0000000010000000-0x000000001012E000-memory.dmp
      Filesize

      1.2MB