139f1ecb5ae9ff0282af8ff5d7c06f2fe444f13db55adf0d720b2721fd9f4795

Analysis

max time kernel
134s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

330dce3e0cee2761bd14069c8f1a1ded_JaffaCakes118.exe
Size

1.3MB
MD5

330dce3e0cee2761bd14069c8f1a1ded
SHA1

f4804bc00b5fb11332d18a3d59d5a2165b515029
SHA256

139f1ecb5ae9ff0282af8ff5d7c06f2fe444f13db55adf0d720b2721fd9f4795
SHA512

3c17671e40a2f45893d44c694249008ea8e73cd49ed8c33379d8acea1047c1c740707dbe1c53ecba1bfce6b571164d3bceef8d956b600c0a02357966b657a0b9
SSDEEP

24576:/AuOVglTUt1RBO8kp98R64TBwUItmhw9DCPBdjht0OAQL:G+lTUtpMp98wEyUZ6CD9+OAs

Score

7^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	330dce3e0cee2761bd14069c8f1a1ded_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1020	330dce3e0cee2761bd14069c8f1a1ded_JaffaCakes118.exe
1020	330dce3e0cee2761bd14069c8f1a1ded_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\330dce3e0cee2761bd14069c8f1a1ded_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\330dce3e0cee2761bd14069c8f1a1ded_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\i76ou53r\gui\page_3973_attr_3.png

Filesize
6KB

MD5
58979c541147a84cbe53efafef2dda24

SHA1
b6a97e5be9ae7b977920d509393315c3f8406522

SHA256
650c29daea12f595c3f57e826c0ac9fd30fc65d5c631340bc9175797bfdd3f5a

SHA512
d54448e57fd55d411f80ec31c9292cbc8d43e345b34488b5114c3262e7622e6b57474a20c2c60ab77848860480c8677392208f2ef42f284234193ad7577fdf9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\i76ou53r\gui\page_3973_attr_46.bmp

Filesize
41KB

MD5
19cafe521085d306aa66d256bce120c6

SHA1
a41ae63f80dc451fb68a34f64aa86867f2cdbd6e

SHA256
ce22b3fa0bb7ad842657737c51a287caea2623019fcefbea4906462f49e31894

SHA512
936e0ca8f2accfaba11dc190e89ae3d19e2ba0963824e87c24ab7e1cc006cc7232163c90924a1e93abe7d602b64b4b5543544e114d9059ea56b6f28535c8527d

Download Submit
C:\Users\Admin\AppData\Local\Temp\i76ou53r\wizard.xml

Filesize
7KB

MD5
cb1f825e1e0bb6299211cd4396f39d69

SHA1
a45d01d6494825d8f461b6331f4c7a799a6c4102

SHA256
5a0000ba64313a69e050897a7af18436b7333c4403a61cbbe120f0f73b59173d

SHA512
e6d927081a3417eb33c4b0429c2f91a9064b3b8e43c27c6ad3b83826ecc6dad6d8fca5bdcecac78b66aca144115165ef9a6ff46ebdfd975b6dc4952d9c50913d

Download Submit
memory/1020-1-0x0000000004480000-0x000000000462F000-memory.dmp

Filesize
1.7MB

Download
memory/1020-88-0x0000000005040000-0x0000000005041000-memory.dmp

Filesize
4KB

Download
memory/1020-109-0x0000000005040000-0x0000000005041000-memory.dmp

Filesize
4KB

Download