9863682fc963cb5629e01d236a97e07148050ef221029e547bd28f049092d468

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe
Size

6.0MB
MD5

69bc6e45e7d4831de6cb86170f3f724f
SHA1

dd6634da3036bb7eded5d1a0e7152890a9af89e3
SHA256

9863682fc963cb5629e01d236a97e07148050ef221029e547bd28f049092d468
SHA512

6fe68a1299abceb48d1faa1f089a54e3e18fbddaf180c030c8a5357416be227ea9f3ad1f1259265817afb7ccb9ccb9c6acd5cd22cd56d2a7664d6f53e4249db6
SSDEEP

98304:JghMiYZozy6ac1ZoUGhyfag4HHkqGEuwnZZQmsjhehHOIEhfQoKdYYaZDBCI:Sh3YlXAJGA8ndGEuA6NFx6DeZ9v

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe

pid process

1672 69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe
1672 69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Drops file in System32 directory 1 IoCs

Processes:

69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe

description ioc process

File created C:\Windows\SysWOW64\GLBSINST.%$D 69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe

pid	process
1672	69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe
1672	69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\GLBSINST.%$D	69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\GLC20E9.tmp

Filesize
161KB

MD5
8c97d8bb1470c6498e47b12c5a03ce39

SHA1
15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

SHA256
a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

SHA512
7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

Download Submit
\Users\Admin\AppData\Local\Temp\GLK20F9.tmp

Filesize
33KB

MD5
517419cae37f6c78c80f9b7d0fbb8661

SHA1
a9e419f3d9ef589522556e0920c84fe37a548873

SHA256
bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11

SHA512
5046565443cf463b6fa4d2d5868879efc6a9db969bf05e3c80725b99bd091ce062cfe66c5551eb1cc5f00a38f2cfcda1f36fb4d60d9ff816c4ec3107b5a0df40

Download Submit