Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-06-2024 00:06

General

  • Target

    93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe

  • Size

    686KB

  • MD5

    93132d2bd4641c75cfa6e114a30a5ccd

  • SHA1

    30298ed137867a207f8957b44dfa43b7f9835b71

  • SHA256

    103735dcc14bab45c670f5a6f50aa9d23479c1a487812cb63d0ef32931e69a31

  • SHA512

    825df1497c384b6793e1fe3472067c746741c0cce86cb251012b1ba0b5ffe353489454fc25cff49e9e908f1598c6ec2205e13b9b72b4f12e7464d559b5363083

  • SSDEEP

    12288:AQFauqB0q446Umh6v3bi4dv5JQiV1C3tb0rHOj8qCoItSETZVQ/EdSE:AQFDqiq41h23Okv5JQiV1COru4foLETx

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers commonly read stored browser data, which can include saved credentials, cookies and autofill records.

  • UPX packed file 55 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
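The UPX signature is worth confirming by hand before reaching for `upx -d`: a modified UPX build often renames the sections, so a name-only check misses it while the section layout (an empty first section that is filled at runtime, followed by a high-entropy compressed section) still gives it away. The script below is an added example, not Triage's detection logic and not code from the sample. It walks the PE section table with only the standard library, scores each section's entropy and reports the three indicators. The PE bytes it runs on are constructed inline as a stand-in for a UPX-packed 32-bit executable; the 7.0-bit entropy threshold is a working assumption, not a value from this report.

```python
from __future__ import annotations
import random
import struct
from collections import Counter
from math import log2


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for compressed/encrypted data, near 0 for padding."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list[dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table (no pefile needed)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]     # COFF NumberOfSections
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]        # COFF SizeOfOptionalHeader
    table = coff + 20 + size_opt                                 # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "executable": bool(chars & 0x20000000),              # IMAGE_SCN_MEM_EXECUTE
        })
    return sections


def upx_indicators(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Three independent tells; the structural two survive a renamed stub."""
    sections = parse_sections(pe)
    named = [s["name"] for s in sections if s["name"].upper().startswith("UPX")]
    # UPX's first section has no bytes on disk: the stub decompresses into it at runtime.
    hollow = [s["name"] for s in sections if s["raw_size"] == 0 and s["virtual_size"] > 0]
    dense = [s["name"] for s in sections if s["raw_size"] and s["entropy"] >= entropy_threshold]
    return {
        "sections": sections,
        "upx_named_sections": named,
        "hollow_sections": hollow,
        "high_entropy_sections": dense,
        "likely_upx": bool(named) or (bool(hollow) and bool(dense)),
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in for a UPX-packed PE32 (assumed layout, not the analysed sample)."""
    rng = random.Random(1)
    compressed = bytes(rng.getrandbits(8) for _ in range(0x1000))   # plays the role of UPX1's payload
    resources = b"\0" * 0x1F0 + b"MAINICON"                          # low-entropy .rsrc filler
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, 0, 0, 0, 0, Characteristics
    sections = [
        (b"UPX0", 0x11000, 0x1000, 0, 0x400, 0, 0, 0, 0, 0xE0000080),
        (b"UPX1", 0x1000, 0x12000, 0x1000, 0x200, 0, 0, 0, 0, 0xE0000040),
        (b".rsrc", 0x200, 0x13000, 0x200, 0x1200, 0, 0, 0, 0, 0xC0000040),
    ]
    img = bytearray(0x1400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                          # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # Machine=i386, NumberOfSections, TimeDateStamp, SymTab, NumSyms, SizeOfOptionalHeader=0xE0, Characteristics
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    struct.pack_into("<H", img, 0x58, 0x10B)                         # optional header magic PE32, rest zeroed
    off = 0x58 + 0xE0
    for s in sections:
        struct.pack_into("<8sIIIIIIHHI", img, off, *s)
        off += 40
    img[0x200:0x200 + len(compressed)] = compressed
    img[0x1200:0x1200 + len(resources)] = resources
    return bytes(img)


if __name__ == "__main__":
    report = upx_indicators(build_sample_pe())
    for s in report["sections"]:
        print(f'{s["name"]:<8} raw={s["raw_size"]:#7x} virt={s["virtual_size"]:#7x} H={s["entropy"]:.2f}')
    print("likely UPX:", report["likely_upx"])
```

Point `upx_indicators` at `open(path, "rb").read()` for a real file. If `likely_upx` fires only on the structural indicators and not on the names, expect stock `upx -d` to refuse the file; the memory dumps of the running process are then the cleaner route to the unpacked code.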

Processes

  • C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2824
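Neither the "Reads user/profile data of web browsers" signature nor the process tree says which stores were touched. The detection below is an added example, my code rather than Triage's rule or anything from the sample: it runs over Procmon-style CSV file-access events, matches the credential, cookie and key files of Chromium-based browsers and Firefox by their real on-disk names, and suppresses the browser's own accesses so that only foreign processes alert. The event lines are constructed for illustration around this report's process name and PID 2824; the timestamps, the chrome.exe row, the Firefox profile directory name and the access details are made up.

```python
from __future__ import annotations
import csv
import io
from pathlib import PureWindowsPath

# On-disk names of the stores infostealers go after (Chromium: Chrome/Edge/Brave; Firefox).
CHROMIUM_FILES = {"login data", "web data", "cookies", "local state", "history"}
FIREFOX_FILES = {"logins.json", "key4.db", "cookies.sqlite", "places.sqlite"}
BROWSER_OWNERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe", "opera.exe"}
READ_OPS = {"CreateFile", "ReadFile"}   # Procmon operation names for open and read

# Constructed Procmon export (assumed format: the default CSV columns); not from the report.
PROCMON_SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"00:06:41.101","93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe","2824","CreateFile","C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS","Desired Access: Generic Read"
"00:06:41.204","93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe","2824","ReadFile","C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS","Offset: 0, Length: 4,096"
"00:06:41.377","93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe","2824","CreateFile","C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k3v9x1qz.default-release\logins.json","SUCCESS","Desired Access: Generic Read"
"00:06:42.010","chrome.exe","4120","CreateFile","C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS","Desired Access: Generic Read/Write"
"00:06:42.552","93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe","2824","CreateFile","C:\Users\Admin\AppData\Local\Temp\ish240601187\css\main.css","SUCCESS","Desired Access: Generic Write"
'''


def classify_path(path: str) -> str | None:
    """Return 'chromium' / 'firefox' for a browser credential store path, else None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parts = [part.lower() for part in p.parts]
    if name in CHROMIUM_FILES and "user data" in parts:      # ...\<Browser>\User Data\<Profile>\Login Data
        return "chromium"
    if name in FIREFOX_FILES and "profiles" in parts:        # ...\Mozilla\Firefox\Profiles\<id>\logins.json
        return "firefox"
    return None


def detect_browser_data_access(procmon_csv: str) -> list[dict]:
    """One hit per open/read of a browser store by a process that is not the browser."""
    hits = []
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if row["Operation"] not in READ_OPS:
            continue
        family = classify_path(row["Path"])
        if family is None:
            continue
        if row["Process Name"].lower() in BROWSER_OWNERS:
            continue                                           # the browser using its own store is expected
        hits.append({"time": row["Time of Day"], "process": row["Process Name"],
                     "pid": int(row["PID"]), "family": family, "path": row["Path"]})
    return hits


def summarize(hits: list[dict]) -> dict[tuple[str, int], dict]:
    """Collapse to one alert per (process, pid) with the families and distinct stores touched."""
    out: dict[tuple[str, int], dict] = {}
    for h in hits:
        entry = out.setdefault((h["process"], h["pid"]),
                               {"first_seen": h["time"], "families": set(), "paths": set()})
        entry["families"].add(h["family"])
        entry["paths"].add(h["path"])
    return out


if __name__ == "__main__":
    for (proc, pid), e in summarize(detect_browser_data_access(PROCMON_SAMPLE)).items():
        print(f"{proc} (PID {pid}) at {e['first_seen']}: {sorted(e['families'])}")
        for path in sorted(e["paths"]):
            print("   ", path)
```

The owner allow-list is the caveat that matters in production: without it every browser start trips the rule, and with it an injected browser process is invisible, so pair this with the process-injection telemetry rather than relying on it alone. Sysmon does not record file reads by default; this needs Procmon, an EDR file-access feed or a sandbox trace.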

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\bootstrap_24443.html

    Filesize

    156B

    MD5

    1ea9e5b417811379e874ad4870d5c51a

    SHA1

    a4bd01f828454f3619a815dbe5423b181ec4051c

    SHA256

    f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

    SHA512

    965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\css\main.css

    Filesize

    6KB

    MD5

    67c969a4e52643367ede75f5f532c53b

    SHA1

    b8fd0d25312b7988b69741c24c483077c4c04ed7

    SHA256

    159cc6cd282a1ae07acd355c5c0bba831002af9878d4657d539dccc452d926c9

    SHA512

    248c8e0905be0db5e3f1b1c76fc67c64c37ec6262c4d664190ac05983256bdd613af73cda674d29bb26587f6dcc57117649b3616e3561ee6209ff4b1fa9ff695

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\css\sdk-ui\progress-bar.css

    Filesize

    506B

    MD5

    5335f1c12201b5f7cf5f8b4f5692e3d1

    SHA1

    13807a10369f7ff9ab3f9aba18135bccb98bec2d

    SHA256

    974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

    SHA512

    0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\images\BG1.jpg

    Filesize

    17KB

    MD5

    6df40f246406cf460f897c8c2c511281

    SHA1

    770c046c1d794ef8c0565019f371717b8251004b

    SHA256

    39272989cb5e5b10a83ff75e2f7e1a331265323747978900337aaed961a1164d

    SHA512

    3752aaca9fbab4b4c4e5fda9071de426b59ddbb6efe94c8959549a96f081f06289b5507f2ed824a8296e072a50075a46cea7c7f19752e61d3d386b66004d3c3a

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Close.png

    Filesize

    1KB

    MD5

    60e7a3f760637dd125a1150474e7f6bb

    SHA1

    46e4b53480dd7b3db532e3511a7ad3b9e99b2f48

    SHA256

    d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184

    SHA512

    d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Close_Hover.png

    Filesize

    1KB

    MD5

    62d7273f7bfd374313f6fb0155b2e7f7

    SHA1

    dcc738108fa120a4d8ec47ff3e6e71c336c59c16

    SHA256

    8c7b475a063df4c3a3aaa79c26010eddc3259ab91d8ed904a539e17eea8e5caa

    SHA512

    76b316228fefc32424236019e931626611e9b50944960ded528a1e7f6c33b102f9f1326d758411b65fa3c96e99de222324ae3bc85989435da434005245d25a0b

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Color_Button.png

    Filesize

    2KB

    MD5

    4bc69253486ba5f9a9b7ef5c6cdf44ab

    SHA1

    d837c6bb223d954f50f0f5a99c30f15ff346410a

    SHA256

    786b492a45057f4019e0bdf71aa351b4b880f101ec77be50a0da0ae5898d379a

    SHA512

    e43f5ab251de650aba16f601e6d7312e4d6c90dcd500b8c7ca24cd8d87acf52722d7eb05719f734e29b6f937d2eeb5d39ccaffd50f47864bf390d6509c15d7de

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Color_Button_Hover.png

    Filesize

    2KB

    MD5

    5cd0b8eeca192b93361d0b5d53c694f5

    SHA1

    1de3542d5642e0ce08c374aac7055494d4c70a08

    SHA256

    75918837bf5071469eb7faf5adfcfc192832d1896428bcac21b5ae0475aa2cc9

    SHA512

    cadcc46b628919e50a936c6ec9461383e7fcdd66f48c60b8c1200a5151178610092418c8feadbfb8f9e56b8f32225fe1fccce7a0871af64c8211b6f9072e6f0a

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Grey_Button.png

    Filesize

    2KB

    MD5

    377a4cc417c35e8bca043b5fa45c76f4

    SHA1

    bba1d0a63c01c777536008dc177e8c8e3d1f3d0a

    SHA256

    d6476ab7dab6839357bda90d337593833f42b95f474ee358db9ddcd5b689c2c5

    SHA512

    b6a5d34089d830ba39194d7a40b7f394609b5dd4c3297f9e168f66d41e8ca29ef84cb46a3dc59ca305235e8ce33fb0c52766056fede28405b9f78f2382d1b4e8

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Grey_Button_Hover.png

    Filesize

    2KB

    MD5

    7af396fe907f2279c7be2f45c4a71f68

    SHA1

    e2915cd58658e004a528d6afb41a719e2f8bc906

    SHA256

    79aaaa8a2c4196a8fe5608ed9638c02febca9a5f01aaccd024741543893c10a7

    SHA512

    4b32408f9f8e101f93150fa991bbf7048b87d73ef284f1ab6b70e377ddf4dbd55d256a8be303f1a687b2b5d072444bd80fcf4905417524392dc4406157a5bdde

  • C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Loader.gif

    Filesize

    10KB

    MD5

    57ca1a2085d82f0574e3ef740b9a5ead

    SHA1

    2974f4bf37231205a256f2648189a461e74869c0

    SHA256

    476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

    SHA512

    2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

  • memory/2824-158-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-91-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-111-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-114-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-93-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2824-159-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-129-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-130-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-128-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-142-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-149-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-148-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-150-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-152-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-151-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-154-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-153-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-94-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-161-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-155-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-156-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-6-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-2-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-0-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

  • memory/2824-135-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-157-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-95-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-160-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-92-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-5-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-163-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-165-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-167-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-168-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-169-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-170-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-171-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-172-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-173-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-174-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-175-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-176-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-177-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-178-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-181-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-182-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-183-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-184-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-186-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-185-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-187-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-188-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-189-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-190-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-191-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB

  • memory/2824-192-0x0000000002120000-0x0000000002263000-memory.dmp

    Filesize

    1.3MB
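The dump list above repeats the same three regions of PID 2824 across dozens of snapshots, which hides how few distinct mappings there are. The script below is an added example, not part of the report or of Triage's tooling: it parses each dump name into (pid, snapshot, start, end), collapses the repeats, reproduces the sizes the report prints and flags regions that are sub-ranges of another. It runs on a subset of the names listed above; the reading of the regions in the note after the code is inference from the addresses and tags, not something the report states.

```python
from __future__ import annotations
import re
from collections import defaultdict

# Triage dump naming: memory/<pid>-<snapshot>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<snap>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp")

# A subset of the dump names listed above (same process, same three regions).
DUMP_NAMES = [
    "memory/2824-0-0x0000000000401000-0x000000000040B000-memory.dmp",
    "memory/2824-1-0x0000000000400000-0x000000000041B000-memory.dmp",
    "memory/2824-2-0x0000000002120000-0x0000000002263000-memory.dmp",
    "memory/2824-5-0x0000000002120000-0x0000000002263000-memory.dmp",
    "memory/2824-91-0x0000000002120000-0x0000000002263000-memory.dmp",
    "memory/2824-158-0x0000000002120000-0x0000000002263000-memory.dmp",
    "memory/2824-192-0x0000000002120000-0x0000000002263000-memory.dmp",
]


def human_size(n: int) -> str:
    """Match the report's rounding: whole KB below 1 MiB, one-decimal MB above."""
    return f"{n / 1024:.0f}KB" if n < 1 << 20 else f"{n / (1 << 20):.1f}MB"


def consolidate(names: list[str]) -> list[dict]:
    """Collapse per-snapshot dump names into distinct (pid, start, end) regions."""
    snaps: dict[tuple[int, int, int], list[int]] = defaultdict(list)
    for name in names:
        m = DUMP_RE.search(name)
        if m is None:
            continue                      # dropped-file entries share the list; skip them
        snaps[(int(m["pid"]), int(m["start"], 16), int(m["end"], 16))].append(int(m["snap"]))
    regions = []
    for (pid, start, end), seen in sorted(snaps.items()):
        regions.append({"pid": pid, "start": start, "end": end, "size": end - start,
                        "human": human_size(end - start), "snapshots": sorted(seen),
                        "contained_in": None})
    # A region fully inside another mapping of the same process is a sub-range (e.g. one section
    # of the image), not a separate allocation.
    for r in regions:
        for other in regions:
            if (other is not r and other["pid"] == r["pid"]
                    and other["start"] <= r["start"] and r["end"] <= other["end"]):
                r["contained_in"] = (other["start"], other["end"])
                break
    return regions


if __name__ == "__main__":
    for r in consolidate(DUMP_NAMES):
        where = f"  (inside {r['contained_in'][0]:#x}-{r['contained_in'][1]:#x})" if r["contained_in"] else ""
        print(f"pid {r['pid']}  {r['start']:#010x}-{r['end']:#010x}  {r['human']:>6}  "
              f"snapshots {r['snapshots'][0]}..{r['snapshots'][-1]} (x{len(r['snapshots'])}){where}")
```

Run over the full list, this yields the same three regions: a 108KB mapping at 0x400000, the conventional image base of a 32-bit PE (the resource tags list arch:x86), a 40KB sub-range of it captured in snapshot 0, and a 0x143000-byte (1.3MB) region at 0x2120000 that lies outside the image, appears from snapshot 2 and persists to the end of the run. That layout is consistent with a UPX stub unpacking its payload into a fresh allocation; if `upx -d` refuses the on-disk file, the dumps of that third region are the place to look for the unpacked code.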