20c19ac9067913709adfae1ba6ddfb6ff1ff0c390b606e88f4ab67a77c3ad575

Analysis

max time kernel
129s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6928efec16cb7f0bd04b01dce520dd74_JaffaCakes118.exe
Size

697KB
MD5

6928efec16cb7f0bd04b01dce520dd74
SHA1

6a46a4a238b957a0c75e4f1702c57b0247df6dd4
SHA256

20c19ac9067913709adfae1ba6ddfb6ff1ff0c390b606e88f4ab67a77c3ad575
SHA512

9f5c02c3414da95917d337b28e0bd1b06d93294e5448c7c0f540128bba7f0b154562dd06c8d1e668a1da492782bb282b705f223495befa04f698c0baf1c0b13c
SSDEEP

12288:04Vcmjo5jAUdAvbfWUGrfdxR3qGnxPhn2BgdaZoiyaQ879D8ZkmkytUG:0N2oRXAvLGJlx522d6oiBX7EkpytUG

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

MYz3SZQD8.exe

pid process

1420 MYz3SZQD8.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
1420	MYz3SZQD8.exe

Drops Chrome extension 1 IoCs

Processes:

MYz3SZQD8.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jppncalpmhlajnokjdhhplemjeokgkia\2.19\manifest.json	MYz3SZQD8.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

6928efec16cb7f0bd04b01dce520dd74_JaffaCakes118.exe

description	pid	process	target process
PID 216 wrote to memory of 1420	216	6928efec16cb7f0bd04b01dce520dd74_JaffaCakes118.exe	MYz3SZQD8.exe
PID 216 wrote to memory of 1420	216	6928efec16cb7f0bd04b01dce520dd74_JaffaCakes118.exe	MYz3SZQD8.exe
PID 216 wrote to memory of 1420	216	6928efec16cb7f0bd04b01dce520dd74_JaffaCakes118.exe	MYz3SZQD8.exe

C:\Users\Admin\AppData\Local\Temp\6928efec16cb7f0bd04b01dce520dd74_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6928efec16cb7f0bd04b01dce520dd74_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:216

C:\Users\Admin\AppData\Local\Temp\00294823\MYz3SZQD8.exe
"C:\Users\Admin\AppData\Local\Temp/00294823/MYz3SZQD8.exe"
2⤵
- Executes dropped EXE
- Drops Chrome extension
PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest

Filesize
110B

MD5
c52079e08a77dccf7a5c572a6c2acc8f

SHA1
1bacff4e9274c4fdab50eb39edcc7ad8c433ff5e

SHA256
282ba1ec499edfe25acedae444053b7d7476756a6065ba4fc81be357877db76b

SHA512
1e13181cf88b90bd62072166de7db97373b856abeaa48c0623c5e90bb72b2f7c7c0e5774ff404afd34f4b13d88d9ffa4e6390f1175f18f49c9d53685f96c05ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js

Filesize
9KB

MD5
6495da7e0bf5f9c242afacd90fdf00af

SHA1
e83f6839169346608e12a2ad999b02b14df08e25

SHA256
f85ae54f36caf25371d1676e61b53e15161da407016a42aeb854e25f9cb625a6

SHA512
96ad1c9e8a0fe9a9ea198e0480d2c1c62a98f73e95fc1d6c19816053a42682f3e9f003740c8f38aed2593fbe51f77c71083167c0f6001148be2d7a0ee237b120

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf

Filesize
611B

MD5
fbac35321b8dca4d70cde1028f083e65

SHA1
7ff98abcd06d7903989f74c37bf5cdd899db03b4

SHA256
3f9e587ae0854fa3d8802c6d6fd762972cfb460ac9dc8fe2852c273bd2b5e579

SHA512
f0d9f8f2a7319015149a8b3611be36133409966f224db1260da0e826ea55de328b009552da52665c19d8811c3e9d79e990d5b3e48ff9b6b140c3639cd223b985

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\MYz3SZQD8.dat

Filesize
1KB

MD5
9108d206935e78844b96f4a14b913b23

SHA1
fcff4c6b342924bc54352422ab564416a82a71ee

SHA256
717ce1e49867e3686c04c1f5112b818e4338b5320e3b6de172f1c71d44981125

SHA512
b9ebf097ac8ddf5effaf34eef041cc19f1b35b82f9f110466a9e3f7ffd00eb70e5703f53a331e0389099e428ae8b88332d42bb4651e9b94efcd92252e40a8312

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\MYz3SZQD8.exe

Filesize
482KB

MD5
2f21b030acc94619252a33d36dc2694c

SHA1
82c9801ec0d132500bc823defe9aaa1b8679d198

SHA256
bf0a543d607d8c4f6a64ceb3a09488cfd7631191eb2c6ff6db3532ff1d34a62b

SHA512
27cb565725965634f7ee0b50ec1502cc188273194c4960545d503e91891d59d842d7a1c3f4b3347d501dd2e5ee89af9b148be1c7fbc6df65488a675eb42e030f

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jppncalpmhlajnokjdhhplemjeokgkia\DnYflSFwGC.js

Filesize
5KB

MD5
ffee4f4b4e3d80940f681d4695cc1861

SHA1
b3e46bac280cd8e74a8b6b0531e2db45d8a72f65

SHA256
d982331de6e6b5cc3da4d1f1b0286e0fc636295617ed82eb2bb322563fb8e08a

SHA512
185be64f4ab579f46c6029d55c3018abafb18659d1a64f02ff060c3c1153ba60bfe8fe37651a66aea3ebba6f0b00f6516f63f0e48b7a210e3a87ded92a528144

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jppncalpmhlajnokjdhhplemjeokgkia\background.html

Filesize
147B

MD5
89a980eb3c95d035f1fdf15b161ec8d2

SHA1
6369fc0b83478220276b1b4571ef60f55966d1a8

SHA256
1f848ef8545727ca7c12965cbc9847168043f5ca4a522cc3b6b9e0f5c930bb5d

SHA512
daf870cd592980def957e250b7117535948b4f2749c4d5e0dab93e92bf37a63f4c0169e8c17d5d07e6fc241982b07efd2b9b04ffd5d4a1ce00b6b95f7d85df72

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jppncalpmhlajnokjdhhplemjeokgkia\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jppncalpmhlajnokjdhhplemjeokgkia\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jppncalpmhlajnokjdhhplemjeokgkia\manifest.json

Filesize
510B

MD5
cfe77a14d8ec3a168c93f0ed483368ff

SHA1
53974b1889919e39a2798a2cfd50fd02fb0d6e9d

SHA256
71d33cc871985249350cfe5e081763713dada0b98b491dcfb979d708f6f5fa41

SHA512
ab807ed59c40b7556e31b677fb3f8f78cd1354dbc6b63ef913d6116a2f698a049dc5e051097c0b24af7bef494178badb412ffe8e59c7c833ac3e2031b5078b30

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jppncalpmhlajnokjdhhplemjeokgkia\sqlite.js

Filesize
1KB

MD5
6d25a2d6715de893b1a530aa0d8f1260

SHA1
ca2d5fbe73aeb27fe6f2e6be1519c9b06827fea2

SHA256
0cef3f8d534faa7f872315e14965d98065743795647d8b72662e54fc5cc3b3f3

SHA512
ec2ed229191c51449b5067c3f342a14966f0c2c81db548bc143e47bab3a8b373b5050da56f5d79c0da61f15383544d18ab200c54f2ae6db8a9e89bb768adb789

Download Submit