Analysis

  • max time kernel
    131s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-05-2024 04:34

General

  • Target

    69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe

  • Size

    6.0MB

  • MD5

    69bc6e45e7d4831de6cb86170f3f724f

  • SHA1

    dd6634da3036bb7eded5d1a0e7152890a9af89e3

  • SHA256

    9863682fc963cb5629e01d236a97e07148050ef221029e547bd28f049092d468

  • SHA512

    6fe68a1299abceb48d1faa1f089a54e3e18fbddaf180c030c8a5357416be227ea9f3ad1f1259265817afb7ccb9ccb9c6acd5cd22cd56d2a7664d6f53e4249db6

  • SSDEEP

    98304:JghMiYZozy6ac1ZoUGhyfag4HHkqGEuwnZZQmsjhehHOIEhfQoKdYYaZDBCI:Sh3YlXAJGA8ndGEuA6NFx6DeZ9v

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers commonly read browser profile data, which can include saved credentials, cookies and autofill entries.

  • Drops file in System32 directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:400

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\GLC3BB1.tmp

    Filesize

    161KB

    MD5

    8c97d8bb1470c6498e47b12c5a03ce39

    SHA1

    15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

    SHA256

    a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

    SHA512

    7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

  • C:\Users\Admin\AppData\Local\Temp\GLK3BF1.tmp

    Filesize

    33KB

    MD5

    517419cae37f6c78c80f9b7d0fbb8661

    SHA1

    a9e419f3d9ef589522556e0920c84fe37a548873

    SHA256

    bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11

    SHA512

    5046565443cf463b6fa4d2d5868879efc6a9db969bf05e3c80725b99bd091ce062cfe66c5551eb1cc5f00a38f2cfcda1f36fb4d60d9ff816c4ec3107b5a0df40
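Added example, not part of the sandbox report: the hashes listed above (sample and both dropped .tmp files) and the two behavioural signatures ("Reads user/profile data of web browsers", "Drops file in System32 directory") turned into checks a responder can run. The hash table is copied from this page; the file events are constructed, since the report does not show which file was written to System32 or which browser store was read, and the EDR event shape (pid, image, operation, path) is an assumption.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# MD5 and SHA-256 values copied from the report: lowercase hex digest -> artifact name.
REPORT_HASHES = {
    "69bc6e45e7d4831de6cb86170f3f724f": "69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe",
    "9863682fc963cb5629e01d236a97e07148050ef221029e547bd28f049092d468": "69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe",
    "8c97d8bb1470c6498e47b12c5a03ce39": "GLC3BB1.tmp",
    "a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a": "GLC3BB1.tmp",
    "517419cae37f6c78c80f9b7d0fbb8661": "GLK3BF1.tmp",
    "bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11": "GLK3BF1.tmp",
}


def digests(data: bytes) -> dict:
    """MD5, SHA-1, SHA-256 and SHA-512 of a blob: the four the report lists per file."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def match_report_hashes(data: bytes) -> set:
    """Names of report artifacts whose MD5 or SHA-256 equals this blob's digest."""
    d = digests(data)
    return {REPORT_HASHES[h] for h in (d["md5"], d["sha256"]) if h in REPORT_HASHES}


# Credential, cookie and autofill stores of Chromium-based browsers and Firefox.
# A read of one of these by anything other than the browser itself is the behaviour
# behind the "Reads user/profile data of web browsers" signature.
BROWSER_DATA = re.compile(
    r"\\AppData\\(?:"
    r"Local\\(?:Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\"
    r"(?:Login Data|Cookies|Web Data|Network\\Cookies)"
    r"|Roaming\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(?:logins\.json|key4\.db|cookies\.sqlite)"
    r")$",
    re.IGNORECASE,
)
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}

SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\69bc6e45e7d4831de6cb86170f3f724f_JaffaCakes118.exe"

# Constructed EDR-style file events (pid, image, operation, path). PID 400 and the
# sample path come from the report's process tree; the target paths are invented.
EVENTS = [
    (400, SAMPLE_IMAGE, "read", r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (400, SAMPLE_IMAGE, "read", r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default-release\logins.json"),
    (400, SAMPLE_IMAGE, "create", r"C:\Users\Admin\AppData\Local\Temp\GLC3BB1.tmp"),
    (400, SAMPLE_IMAGE, "create", r"C:\Windows\System32\example_dropped.dll"),
    (5120, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "read",
     r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
]


def browser_data_reads(events):
    """Events where a non-browser process reads a browser credential or cookie store."""
    return [
        e for e in events
        if e[2] == "read"
        and BROWSER_DATA.search(e[3])
        and PureWindowsPath(e[1]).name.lower() not in BROWSER_IMAGES
    ]


def system32_drops(events):
    """File creates under System32 by an image running from a user-writable location."""
    return [
        e for e in events
        if e[2] in ("create", "write")
        and e[3].lower().startswith("c:\\windows\\system32\\")
        and e[1].lower().startswith("c:\\users\\")
    ]


if __name__ == "__main__":
    for e in browser_data_reads(EVENTS):
        print("browser data read:", e[0], e[3])
    for e in system32_drops(EVENTS):
        print("system32 drop:", e[0], e[3])
    # On a live host: match_report_hashes(open(path, "rb").read()) for each .tmp in %TEMP%.
```

The hash matcher is the cheap first pass (open each file under %TEMP% and compare), while the two event filters catch the same behaviour when the dropped files have already been deleted; the System32 filter deliberately keys on where the writing image runs from rather than on a file name, because the report does not name the dropped file.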