Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-06-2024 00:06

General

  • Target
    93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
  • Size
    686KB
  • MD5
    93132d2bd4641c75cfa6e114a30a5ccd
  • SHA1
    30298ed137867a207f8957b44dfa43b7f9835b71
  • SHA256
    103735dcc14bab45c670f5a6f50aa9d23479c1a487812cb63d0ef32931e69a31
  • SHA512
    825df1497c384b6793e1fe3472067c746741c0cce86cb251012b1ba0b5ffe353489454fc25cff49e9e908f1598c6ec2205e13b9b72b4f12e7464d559b5363083
  • SSDEEP
    12288:AQFauqB0q446Umh6v3bi4dv5JQiV1C3tb0rHOj8qCoItSETZVQ/EdSE:AQFDqiq41h23Okv5JQiV1COru4foLETx

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers (2 TTPs)
    Infostealers often target stored browser data, which can include saved credentials etc.
  • UPX packed file (58 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Drops file in Program Files directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe (PID 2768)
    Command line: "C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe"
    Signatures triggered by this process:
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    Child process:
    • C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe (PID 312, parent PID 2768)
      Command line: "C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe" /_ShowProgress

Network

MITRE ATT&CK Enterprise v15
Downloads

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\bootstrap_34515.html
    Filesize: 156B
    MD5:      1ea9e5b417811379e874ad4870d5c51a
    SHA1:     a4bd01f828454f3619a815dbe5423b181ec4051c
    SHA256:   f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
    SHA512:   965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\css\main.css
    Filesize: 6KB
    MD5:      67c969a4e52643367ede75f5f532c53b
    SHA1:     b8fd0d25312b7988b69741c24c483077c4c04ed7
    SHA256:   159cc6cd282a1ae07acd355c5c0bba831002af9878d4657d539dccc452d926c9
    SHA512:   248c8e0905be0db5e3f1b1c76fc67c64c37ec6262c4d664190ac05983256bdd613af73cda674d29bb26587f6dcc57117649b3616e3561ee6209ff4b1fa9ff695

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\css\sdk-ui\progress-bar.css
    Filesize: 506B
    MD5:      5335f1c12201b5f7cf5f8b4f5692e3d1
    SHA1:     13807a10369f7ff9ab3f9aba18135bccb98bec2d
    SHA256:   974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda
    SHA512:   0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\images\BG1.jpg
    Filesize: 17KB
    MD5:      6df40f246406cf460f897c8c2c511281
    SHA1:     770c046c1d794ef8c0565019f371717b8251004b
    SHA256:   39272989cb5e5b10a83ff75e2f7e1a331265323747978900337aaed961a1164d
    SHA512:   3752aaca9fbab4b4c4e5fda9071de426b59ddbb6efe94c8959549a96f081f06289b5507f2ed824a8296e072a50075a46cea7c7f19752e61d3d386b66004d3c3a

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Close.png
    Filesize: 1KB
    MD5:      60e7a3f760637dd125a1150474e7f6bb
    SHA1:     46e4b53480dd7b3db532e3511a7ad3b9e99b2f48
    SHA256:   d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184
    SHA512:   d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Close_Hover.png
    Filesize: 1KB
    MD5:      62d7273f7bfd374313f6fb0155b2e7f7
    SHA1:     dcc738108fa120a4d8ec47ff3e6e71c336c59c16
    SHA256:   8c7b475a063df4c3a3aaa79c26010eddc3259ab91d8ed904a539e17eea8e5caa
    SHA512:   76b316228fefc32424236019e931626611e9b50944960ded528a1e7f6c33b102f9f1326d758411b65fa3c96e99de222324ae3bc85989435da434005245d25a0b

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Color_Button.png
    Filesize: 2KB
    MD5:      4bc69253486ba5f9a9b7ef5c6cdf44ab
    SHA1:     d837c6bb223d954f50f0f5a99c30f15ff346410a
    SHA256:   786b492a45057f4019e0bdf71aa351b4b880f101ec77be50a0da0ae5898d379a
    SHA512:   e43f5ab251de650aba16f601e6d7312e4d6c90dcd500b8c7ca24cd8d87acf52722d7eb05719f734e29b6f937d2eeb5d39ccaffd50f47864bf390d6509c15d7de

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Color_Button_Hover.png
    Filesize: 2KB
    MD5:      5cd0b8eeca192b93361d0b5d53c694f5
    SHA1:     1de3542d5642e0ce08c374aac7055494d4c70a08
    SHA256:   75918837bf5071469eb7faf5adfcfc192832d1896428bcac21b5ae0475aa2cc9
    SHA512:   cadcc46b628919e50a936c6ec9461383e7fcdd66f48c60b8c1200a5151178610092418c8feadbfb8f9e56b8f32225fe1fccce7a0871af64c8211b6f9072e6f0a

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Grey_Button.png
    Filesize: 2KB
    MD5:      377a4cc417c35e8bca043b5fa45c76f4
    SHA1:     bba1d0a63c01c777536008dc177e8c8e3d1f3d0a
    SHA256:   d6476ab7dab6839357bda90d337593833f42b95f474ee358db9ddcd5b689c2c5
    SHA512:   b6a5d34089d830ba39194d7a40b7f394609b5dd4c3297f9e168f66d41e8ca29ef84cb46a3dc59ca305235e8ce33fb0c52766056fede28405b9f78f2382d1b4e8

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Grey_Button_Hover.png
    Filesize: 2KB
    MD5:      7af396fe907f2279c7be2f45c4a71f68
    SHA1:     e2915cd58658e004a528d6afb41a719e2f8bc906
    SHA256:   79aaaa8a2c4196a8fe5608ed9638c02febca9a5f01aaccd024741543893c10a7
    SHA512:   4b32408f9f8e101f93150fa991bbf7048b87d73ef284f1ab6b70e377ddf4dbd55d256a8be303f1a687b2b5d072444bd80fcf4905417524392dc4406157a5bdde

  • C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Loader.gif
    Filesize: 10KB
    MD5:      57ca1a2085d82f0574e3ef740b9a5ead
    SHA1:     2974f4bf37231205a256f2648189a461e74869c0
    SHA256:   476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e
    SHA512:   2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

  Memory dumps (one line per snapshot; the 1.3MB region 0x0000000001C90000-0x0000000001DD3000 of PID 2768 is the unpacked image captured repeatedly across snapshots):

  • memory/312-154-0x0000000000400000-0x000000000041B000-memory.dmp    Filesize: 108KB
  • memory/2768-153-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-0-0x0000000000401000-0x000000000040B000-memory.dmp     Filesize: 40KB
  • memory/2768-95-0x0000000001C90000-0x0000000001DD3000-memory.dmp    Filesize: 1.3MB
  • memory/2768-94-0x0000000001C90000-0x0000000001DD3000-memory.dmp    Filesize: 1.3MB
  • memory/2768-114-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-116-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-133-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-134-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-132-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-135-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-136-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-137-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-138-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-140-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-139-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-141-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-142-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-143-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-145-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-146-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-147-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-149-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-152-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-92-0x0000000001C90000-0x0000000001DD3000-memory.dmp    Filesize: 1.3MB
  • memory/2768-91-0x0000000001C90000-0x0000000001DD3000-memory.dmp    Filesize: 1.3MB
  • memory/2768-160-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-6-0x0000000001C90000-0x0000000001DD3000-memory.dmp     Filesize: 1.3MB
  • memory/2768-5-0x0000000001C90000-0x0000000001DD3000-memory.dmp     Filesize: 1.3MB
  • memory/2768-2-0x0000000001C90000-0x0000000001DD3000-memory.dmp     Filesize: 1.3MB
  • memory/2768-93-0x0000000001C90000-0x0000000001DD3000-memory.dmp    Filesize: 1.3MB
  • memory/2768-1-0x0000000000400000-0x000000000041B000-memory.dmp     Filesize: 108KB
  • memory/2768-175-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-176-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-177-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-178-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-179-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-182-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-183-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-184-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-185-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-186-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-187-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-189-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-188-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-190-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-191-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-193-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-192-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-196-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-195-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-198-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-197-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-200-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-199-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-203-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-202-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-201-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-206-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-205-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB
  • memory/2768-204-0x0000000001C90000-0x0000000001DD3000-memory.dmp   Filesize: 1.3MB