04b1eb601896299bb074954ebc91e8762d693113f4476fc0ffa3d4030651fc3d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

346c0c25ca0e93a78cae8f789fa02402_JaffaCakes118.exe
Size

1.3MB
MD5

346c0c25ca0e93a78cae8f789fa02402
SHA1

439452fbccdb5e18612d4b6b0578d5c4be473f6a
SHA256

04b1eb601896299bb074954ebc91e8762d693113f4476fc0ffa3d4030651fc3d
SHA512

e408ebbc92f6074ffb2d7e8de5e6e342d31c43768c29eb68a0016e9f8abe2904cc94d3efeea543ab402350427d22d761d01e5ddfb87d320ed9632e230649d1c8
SSDEEP

24576:Fv1Okt3JTNWwgFgx6/ZmSyl7V2LOx5CCIcIEOZ7ma9MI90OA/CZd3NT:xY43JTNHUgxOmSCacCCIcE1ihOAqz3p

Score

7^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	346c0c25ca0e93a78cae8f789fa02402_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	346c0c25ca0e93a78cae8f789fa02402_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	346c0c25ca0e93a78cae8f789fa02402_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	346c0c25ca0e93a78cae8f789fa02402_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
944	346c0c25ca0e93a78cae8f789fa02402_JaffaCakes118.exe
944	346c0c25ca0e93a78cae8f789fa02402_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\346c0c25ca0e93a78cae8f789fa02402_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\346c0c25ca0e93a78cae8f789fa02402_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5t6b3707fbx\gui\2980.html

Filesize
9KB

MD5
56fb4b28e7009a7b695084a6ac84b176

SHA1
dee98843e9abf17306319f38f7aa51b8b1497e60

SHA256
e8a8cb6cdcd14c997c52e192049b37bc109f1c22e7d24abc6f69ec6058645183

SHA512
4cc812db04fc095e278cab59331d1c8fb890eb901d2869e66d4230e521a400e88c7a7b903f3630c5dcf1bb3d4b3f28dffc249a90d9da7a165cb7e3901a680fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\5t6b3707fbx\gui\page_2985_attr_3.png

Filesize
13KB

MD5
4a79005439d35d27d4ed8e03071b7f0b

SHA1
98d037545e791651aff96f0f25422b5728098622

SHA256
b9d3f7b2567ac951c75235f3003b9487b2e8e40542174a5f2b371a25ba8cf6f2

SHA512
60fa451ed2e2c143026eb8f5ad4adda4b8c458105735b4ccfaf192650a3e33e70d27ca7325d3e805d382e2b3c57c528a6ba5ad30fc69b25f8f0122b8d83be3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\5t6b3707fbx\gui\page_2985_attr_46.bmp

Filesize
41KB

MD5
19cafe521085d306aa66d256bce120c6

SHA1
a41ae63f80dc451fb68a34f64aa86867f2cdbd6e

SHA256
ce22b3fa0bb7ad842657737c51a287caea2623019fcefbea4906462f49e31894

SHA512
936e0ca8f2accfaba11dc190e89ae3d19e2ba0963824e87c24ab7e1cc006cc7232163c90924a1e93abe7d602b64b4b5543544e114d9059ea56b6f28535c8527d

Download Submit
memory/944-0-0x0000000000930000-0x0000000000AEB000-memory.dmp

Filesize
1.7MB

Download
memory/944-103-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/944-170-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download