Analysis
max time kernel: 148s
max time network: 153s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 04-06-2024 00:06
Static task: static1
Behavioral task: behavioral1
Sample: 93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
Resource: win7-20240221-en
General
Target: 93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
Size: 686KB
MD5: 93132d2bd4641c75cfa6e114a30a5ccd
SHA1: 30298ed137867a207f8957b44dfa43b7f9835b71
SHA256: 103735dcc14bab45c670f5a6f50aa9d23479c1a487812cb63d0ef32931e69a31
SHA512: 825df1497c384b6793e1fe3472067c746741c0cce86cb251012b1ba0b5ffe353489454fc25cff49e9e908f1598c6ec2205e13b9b72b4f12e7464d559b5363083
SSDEEP: 12288:AQFauqB0q446Umh6v3bi4dv5JQiV1C3tb0rHOj8qCoItSETZVQ/EdSE:AQFDqiq41h23Okv5JQiV1COru4foLETx
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Processes:
resource                                                                  yara_rule
behavioral1/memory/2768-2-0x0000000001C90000-0x0000000001DD3000-memory.dmp     upx
behavioral1/memory/2768-5-0x0000000001C90000-0x0000000001DD3000-memory.dmp     upx
behavioral1/memory/2768-6-0x0000000001C90000-0x0000000001DD3000-memory.dmp     upx
behavioral1/memory/2768-91-0x0000000001C90000-0x0000000001DD3000-memory.dmp    upx
behavioral1/memory/2768-92-0x0000000001C90000-0x0000000001DD3000-memory.dmp    upx
behavioral1/memory/2768-94-0x0000000001C90000-0x0000000001DD3000-memory.dmp    upx
behavioral1/memory/2768-93-0x0000000001C90000-0x0000000001DD3000-memory.dmp    upx
behavioral1/memory/2768-95-0x0000000001C90000-0x0000000001DD3000-memory.dmp    upx
behavioral1/memory/2768-114-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-116-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-133-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-134-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-132-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-135-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-136-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-137-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-138-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-140-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-139-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-141-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-142-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-143-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-145-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-146-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-147-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-149-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-152-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-153-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-160-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-175-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-176-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-177-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-178-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-179-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-182-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-183-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-184-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-185-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-186-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-187-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-189-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-188-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-190-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-191-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-193-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-192-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-196-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-195-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-198-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-197-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-200-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-199-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-203-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-202-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-201-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-206-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-205-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
behavioral1/memory/2768-204-0x0000000001C90000-0x0000000001DD3000-memory.dmp   upx
-
Drops file in Program Files directory 1 IoCs
Processes:
description    ioc                             process
File created   C:\PROGRA~2\is259433172.log     93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Processes:
description   ioc                                                                                                       process
Key created   \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
pid    process
2768   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
2768   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
description                   pid    process
Token: SeShutdownPrivilege    2768   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
pid    process
2768   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
2768   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
description                        pid    process                                              target process
PID 2768 wrote to memory of 312    2768   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
PID 2768 wrote to memory of 312    2768   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
PID 2768 wrote to memory of 312    2768   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
PID 2768 wrote to memory of 312    2768   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe   93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe"
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2768
    C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe" /_ShowProgress
    PID: 312
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 156B
MD5: 1ea9e5b417811379e874ad4870d5c51a
SHA1: a4bd01f828454f3619a815dbe5423b181ec4051c
SHA256: f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
SHA512: 965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa
-
Filesize: 6KB
MD5: 67c969a4e52643367ede75f5f532c53b
SHA1: b8fd0d25312b7988b69741c24c483077c4c04ed7
SHA256: 159cc6cd282a1ae07acd355c5c0bba831002af9878d4657d539dccc452d926c9
SHA512: 248c8e0905be0db5e3f1b1c76fc67c64c37ec6262c4d664190ac05983256bdd613af73cda674d29bb26587f6dcc57117649b3616e3561ee6209ff4b1fa9ff695
-
Filesize: 506B
MD5: 5335f1c12201b5f7cf5f8b4f5692e3d1
SHA1: 13807a10369f7ff9ab3f9aba18135bccb98bec2d
SHA256: 974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda
SHA512: 0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df
-
Filesize: 17KB
MD5: 6df40f246406cf460f897c8c2c511281
SHA1: 770c046c1d794ef8c0565019f371717b8251004b
SHA256: 39272989cb5e5b10a83ff75e2f7e1a331265323747978900337aaed961a1164d
SHA512: 3752aaca9fbab4b4c4e5fda9071de426b59ddbb6efe94c8959549a96f081f06289b5507f2ed824a8296e072a50075a46cea7c7f19752e61d3d386b66004d3c3a
-
Filesize: 1KB
MD5: 60e7a3f760637dd125a1150474e7f6bb
SHA1: 46e4b53480dd7b3db532e3511a7ad3b9e99b2f48
SHA256: d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184
SHA512: d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268
-
Filesize: 1KB
MD5: 62d7273f7bfd374313f6fb0155b2e7f7
SHA1: dcc738108fa120a4d8ec47ff3e6e71c336c59c16
SHA256: 8c7b475a063df4c3a3aaa79c26010eddc3259ab91d8ed904a539e17eea8e5caa
SHA512: 76b316228fefc32424236019e931626611e9b50944960ded528a1e7f6c33b102f9f1326d758411b65fa3c96e99de222324ae3bc85989435da434005245d25a0b
-
Filesize: 2KB
MD5: 4bc69253486ba5f9a9b7ef5c6cdf44ab
SHA1: d837c6bb223d954f50f0f5a99c30f15ff346410a
SHA256: 786b492a45057f4019e0bdf71aa351b4b880f101ec77be50a0da0ae5898d379a
SHA512: e43f5ab251de650aba16f601e6d7312e4d6c90dcd500b8c7ca24cd8d87acf52722d7eb05719f734e29b6f937d2eeb5d39ccaffd50f47864bf390d6509c15d7de
-
Filesize: 2KB
MD5: 5cd0b8eeca192b93361d0b5d53c694f5
SHA1: 1de3542d5642e0ce08c374aac7055494d4c70a08
SHA256: 75918837bf5071469eb7faf5adfcfc192832d1896428bcac21b5ae0475aa2cc9
SHA512: cadcc46b628919e50a936c6ec9461383e7fcdd66f48c60b8c1200a5151178610092418c8feadbfb8f9e56b8f32225fe1fccce7a0871af64c8211b6f9072e6f0a
-
Filesize: 2KB
MD5: 377a4cc417c35e8bca043b5fa45c76f4
SHA1: bba1d0a63c01c777536008dc177e8c8e3d1f3d0a
SHA256: d6476ab7dab6839357bda90d337593833f42b95f474ee358db9ddcd5b689c2c5
SHA512: b6a5d34089d830ba39194d7a40b7f394609b5dd4c3297f9e168f66d41e8ca29ef84cb46a3dc59ca305235e8ce33fb0c52766056fede28405b9f78f2382d1b4e8
-
Filesize: 2KB
MD5: 7af396fe907f2279c7be2f45c4a71f68
SHA1: e2915cd58658e004a528d6afb41a719e2f8bc906
SHA256: 79aaaa8a2c4196a8fe5608ed9638c02febca9a5f01aaccd024741543893c10a7
SHA512: 4b32408f9f8e101f93150fa991bbf7048b87d73ef284f1ab6b70e377ddf4dbd55d256a8be303f1a687b2b5d072444bd80fcf4905417524392dc4406157a5bdde
-
Filesize: 10KB
MD5: 57ca1a2085d82f0574e3ef740b9a5ead
SHA1: 2974f4bf37231205a256f2648189a461e74869c0
SHA256: 476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e
SHA512: 2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c