23226398d73d479d8972b2337025242c8db86397c8f0284400cbe71661156285

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 22:01

Target

6fed82a74c070d6163e4f47fffb19981_JaffaCakes118.exe
Size

554KB
MD5

6fed82a74c070d6163e4f47fffb19981
SHA1

552003efb5079a58adb119d1ce5b30733ff9d241
SHA256

23226398d73d479d8972b2337025242c8db86397c8f0284400cbe71661156285
SHA512

356a6330cbd1eca9be43fc2df3d560bb02720053d832462df820e32a3a1370dd27d85f964e6e21c42260cd5af18e614732525f0ecc39729e0a6cd42409e9eead
SSDEEP

12288:UsLSQt0pkJ6KZ9jlkBdX2Gl45ZLRt100sa3wDhM6tpWgXrqPmRc8z:UsLS2XZ9jlch2GKZ310G3wBpqIc8z

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

6fed82a74c070d6163e4f47fffb19981_JaffaCakes118.exe

description	pid	process	target process
PID 2740 wrote to memory of 2532	2740	6fed82a74c070d6163e4f47fffb19981_JaffaCakes118.exe	cmd.exe
PID 2740 wrote to memory of 2532	2740	6fed82a74c070d6163e4f47fffb19981_JaffaCakes118.exe	cmd.exe
PID 2740 wrote to memory of 2532	2740	6fed82a74c070d6163e4f47fffb19981_JaffaCakes118.exe	cmd.exe
PID 2740 wrote to memory of 2532	2740	6fed82a74c070d6163e4f47fffb19981_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\6fed82a74c070d6163e4f47fffb19981_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6fed82a74c070d6163e4f47fffb19981_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\477.bat
2⤵
PID:2532

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

C:\Users\Admin\AppData\Local\Temp\477.bat
Filesize
175B

MD5
3e60bb3b52f052120dda89b70d1d6342

SHA1
3f5711f5562e4da639eee68be14b8d1f713c48e7

SHA256
42b882329769cfff57478f0edf9598431f0ed754cf44a8ac7721fda4a5c063b5

SHA512
55d34e59659196401396a010fb1db2361750478fca53f7da6061fb5d84cff8fc236eaba4df97fb104ce339a85d9c3c82a6a3d93d1376e6201b3da6f9de49b3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\53484.exe
Filesize
554KB

MD5
6fed82a74c070d6163e4f47fffb19981

SHA1
552003efb5079a58adb119d1ce5b30733ff9d241

SHA256
23226398d73d479d8972b2337025242c8db86397c8f0284400cbe71661156285

SHA512
356a6330cbd1eca9be43fc2df3d560bb02720053d832462df820e32a3a1370dd27d85f964e6e21c42260cd5af18e614732525f0ecc39729e0a6cd42409e9eead

Download Submit
memory/2740-0-0x0000000010000000-0x0000000010127000-memory.dmp

Filesize
1.2MB

Download