10527ce49a19a0a306af0a5d4ffa2633bf93dd1e7e53564045b76d32013411bd

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b8e008342d2b50d2ac3b2dd0009911c_JaffaCakes118.exe
Size

694KB
MD5

8b8e008342d2b50d2ac3b2dd0009911c
SHA1

77ae988b870302fde7ede882e9ce1b69b1f7482b
SHA256

10527ce49a19a0a306af0a5d4ffa2633bf93dd1e7e53564045b76d32013411bd
SHA512

4e3566b78e7e308c65c3601b11cb8fa1b48b1218acd51d1ff81a97380e2cc737762ea8596012ada5c5700a86b125d2bbb0029dbac8f84c233a8308d0ee0daed1
SSDEEP

12288:5aGn+aamkZ/C5BmFYpPzlrHMeGU+jaDGQZAPiO7mDgdhkXW:5aqcZ/zFYpprwdricIg/kG

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1256	dc1T.exe

Loads dropped DLL 1 IoCs

pid	Process
1148	8b8e008342d2b50d2ac3b2dd0009911c_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmoggeckcmdjpkmanbeaijccojiomgpf\1.1\manifest.json	dc1T.exe
File created	C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmoggeckcmdjpkmanbeaijccojiomgpf\1.1\manifest.json	dc1T.exe
File created	C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmoggeckcmdjpkmanbeaijccojiomgpf\1.1\manifest.json	dc1T.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 1256	1148	8b8e008342d2b50d2ac3b2dd0009911c_JaffaCakes118.exe	28
PID 1148 wrote to memory of 1256	1148	8b8e008342d2b50d2ac3b2dd0009911c_JaffaCakes118.exe	28
PID 1148 wrote to memory of 1256	1148	8b8e008342d2b50d2ac3b2dd0009911c_JaffaCakes118.exe	28
PID 1148 wrote to memory of 1256	1148	8b8e008342d2b50d2ac3b2dd0009911c_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\8b8e008342d2b50d2ac3b2dd0009911c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8b8e008342d2b50d2ac3b2dd0009911c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Users\Admin\AppData\Local\Temp\4fc85778\dc1T.exe
  "C:\Users\Admin\AppData\Local\Temp/4fc85778/dc1T.exe"
  2⤵
  - Executes dropped EXE
  - Drops Chrome extension
  PID:1256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4fc85778\[email protected]\bootstrap.js

Filesize
2KB

MD5
df13f711e20e9c80171846d4f2f7ae06

SHA1
56d29cda58427efe0e21d3880d39eb1b0ef60bee

SHA256
6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4

SHA512
6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e

Download Submit
C:\Users\Admin\AppData\Local\Temp\4fc85778\[email protected]\chrome.manifest

Filesize
24B

MD5
c1dc5dc2217e18007ef54c4c7895da9a

SHA1
1ec7487f714f51c0ee67a2f98d43cadd680b50d9

SHA256
da91a71b037e7c10a8572051b520ef5c9fbbacc6a3c65a74cb78c6451f93a648

SHA512
ee3b93f3b3031560aac21efdc1078beac3ad22e94a312e02a1690c514b7f72310f6dd54ab98c76c44a1f3cc01b17f86c486346d35c8f369cdc1d0f8bfbff909d

Download Submit
C:\Users\Admin\AppData\Local\Temp\4fc85778\[email protected]\content\bg.js

Filesize
31KB

MD5
3bb859c6bc95b89d3063bfa1e663fc66

SHA1
93da99a1508c27ff7b57afec6429df9d6a592d7b

SHA256
537ad1e56476fe6ce017d44e1abf18f2c3f9be894c03d78b311cbb243ca75317

SHA512
b34405bf83f40e2422720821958c0204b502842db2de88c19679cb9c2625a79cc494436d57297b115f75a47432d4a75178afce264b25a97663cbd3bb756e64e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\4fc85778\[email protected]\install.rdf

Filesize
605B

MD5
8911072bfcc7d7699ff8f3522ab2cb9f

SHA1
9cd38a2b7410525d605405d2583dd67e114f6d92

SHA256
d34f6b7241e5b112729e319cdb3a087e353f107eceba1b646396414694c7664c

SHA512
eae4158866320f0475830bef3ab9b3576c44dd02fd4ebe001d2a63e4ac1b83bea3b3d59ce09c993c6a8ad6330c03b7df44bbd231b9a5ea9b2478ab9a432b0d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\4fc85778\dc1T.dat

Filesize
1KB

MD5
bd8be46c0079e714e7a8751941e656af

SHA1
3c281df40e25ade28db40e01775659e30c68c234

SHA256
227155ee1b310ba79cbb6c88df3b9bd5eeeb9ff938111a99b5ca983905a27ef5

SHA512
b0f525af3b40b51abbd3c33416877911f53194ba8119b3d979350682c4724e555231d6188487158fb906eb1a991c7e50a02e04883fea1a7e693f6edc6ecbf9ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\4fc85778\pmoggeckcmdjpkmanbeaijccojiomgpf\background.html

Filesize
142B

MD5
10a4769e1d95bfd8562963de4cefd359

SHA1
48a3ba4c43d5a0bfbd0f2e67a3b3412112031237

SHA256
429690fef9dfdc3bb22a8325193efe7c34606285820e4f551a04f94f213ba6ac

SHA512
cd6397745dcbfe47678b7b16ecfb89afadf2759d08ac73d90737e34f4feac0d05b68c89e251e7d59ad14ac73518a2810d6f89acc3b03f73f2a9055f023b70b66

Download Submit
C:\Users\Admin\AppData\Local\Temp\4fc85778\pmoggeckcmdjpkmanbeaijccojiomgpf\content.js

Filesize
7KB

MD5
63c551a89989786461a12846e83be9f6

SHA1
005ccc0b780b9885348f3a6311f392b6cb31237e

SHA256
da2d6384996ce2cacc4c6e3a3f3b0df72e424225fb314fd33d2cded9debb28d3

SHA512
4ccd29f6b07aebf2791acda5cd9d3bd7fa5ec505d4b450f0e674588c8184027e947fb013489fe02413bf5a5176e1d3697c7b39bf937e530ef6415845e2130af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\4fc85778\pmoggeckcmdjpkmanbeaijccojiomgpf\lsdb.js

Filesize
11KB

MD5
e83e3201e061e7d3fd320936bdf74d7a

SHA1
d68c2f76645d490c57e320828a09485c88f0be23

SHA256
e9124e4be73df8ddea10d81c14c8477916d48ebd08b667d8d4b47ab95dc396f4

SHA512
691550237ba91b0198eb6e1c11cbdfbf1c75cfa6fa5aa8ef35cbeb0e69faf747fc4acd374dd783dde21df07e6a61c5ae4e25283d49f0c675ad6523e207dcb992

Download Submit
C:\Users\Admin\AppData\Local\Temp\4fc85778\pmoggeckcmdjpkmanbeaijccojiomgpf\manifest.json

Filesize
499B

MD5
6c487d339b633b81516f2f2dc227365b

SHA1
b3d8d4a83b82b09f310d5aeff3f5f49ba55d452b

SHA256
92f4924550f7511a5304ced379105df9be807a55d5b54b6531d6028745556ab2

SHA512
7bc5bb722eb4aec3f1d4a9b0091170de5d7c7ef648473035696c7735b172bf660e6af73d230bb63bd4cff26e76857cfb054b84cadddcf4c3154b576f7230d668

Download Submit
C:\Users\Admin\AppData\Local\Temp\4fc85778\pmoggeckcmdjpkmanbeaijccojiomgpf\rI2P4.js

Filesize
25KB

MD5
911ee31cfbdd2235ead001cdbdd0f54f

SHA1
5bfdb7be9f0cfcc4aaca2c18be5d5fb076d23be2

SHA256
7bc0b813b47d5a5d29803fd1545491eed8034dc24bfae9234a4ff2479e94e7a3

SHA512
5958b751cf198b8d3e3dd6f7b4331b9d5e53c3ee45c8bf6f7e4d24e9843da0249e4e7a106a70751f394385360f8b84e79ede4be2e38272aa70c47ae28838b80f

Download Submit
\Users\Admin\AppData\Local\Temp\4fc85778\dc1T.exe

Filesize
450KB

MD5
eac8108ffd350650ae98d1f4346e0534

SHA1
cc2f09bccce5e5fe8d3c62f647bbb9460276a8c9

SHA256
90c89493534236e9a525040b3fcd1acbcb737314a5b76ec2674eacdedeb29a02

SHA512
c19a4ace8020f1da84aea690d93a99796d451ccc0fd26eb5481183010a0391e04e49ed4d335ed81d44d93f088acf4466fc464afc9b6c9fb45290e44fb17b8b0e

Download Submit