Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-06-2024 00:39

General

  • Target

    9328cbaf393bd868720794b6137db9a8_JaffaCakes118.exe

  • Size

    3.1MB

  • MD5

    9328cbaf393bd868720794b6137db9a8

  • SHA1

    546f241a90b63853b18a5c0cbcafdb8828b2539f

  • SHA256

    66685c4afa8d159b3f612be71271e25e07111a1e80b81831bd1ee3d03d3a9f11

  • SHA512

    e9b77c5f8e480d6f1cb237cdabb9a582c6a445eebe50ebef68ea587a51f5b9b9f7aa71fd921e38425cf206d4253d8c8e601b89bbcde110533c8c7eb3a8dc8b00

  • SSDEEP

    49152:b3NpfZfpWZNU5XstFviQJXZNhAj/WjntIVKLI7kxHKMPN//4JXTgRItETQSQ:b3ffZxWCSxHmJXT7

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9328cbaf393bd868720794b6137db9a8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9328cbaf393bd868720794b6137db9a8_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Modifies registry class
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Users\Admin\AppData\Local\Temp\9328cbaf393bd868720794b6137db9a8_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\9328cbaf393bd868720794b6137db9a8_JaffaCakes118.exe" --crash-reporter-parent-id=4892
      2⤵
      • Loads dropped DLL
      PID:4376
    • C:\Users\Admin\AppData\Local\Temp\9328cbaf393bd868720794b6137db9a8_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\9328cbaf393bd868720794b6137db9a8_JaffaCakes118.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=56.0.3051.31 --initial-client-data=0x284,0x298,0x29c,0x294,0x2a0,0x750fe360,0x750fe370,0x750fe37c
      2⤵
      • Loads dropped DLL
      PID:620
    • C:\Users\Admin\AppData\Local\Temp\Opera Installer\9328cbaf393bd868720794b6137db9a8_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\Opera Installer\9328cbaf393bd868720794b6137db9a8_JaffaCakes118.exe" --version
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Opera Installer\9328cbaf393bd868720794b6137db9a8_JaffaCakes118.exe

    Filesize

    3.1MB

    MD5

    9328cbaf393bd868720794b6137db9a8

    SHA1

    546f241a90b63853b18a5c0cbcafdb8828b2539f

    SHA256

    66685c4afa8d159b3f612be71271e25e07111a1e80b81831bd1ee3d03d3a9f11

    SHA512

    e9b77c5f8e480d6f1cb237cdabb9a582c6a445eebe50ebef68ea587a51f5b9b9f7aa71fd921e38425cf206d4253d8c8e601b89bbcde110533c8c7eb3a8dc8b00

  • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2406040039183324892.dll

    Filesize

    2.3MB

    MD5

    d032b5dfbc2948f9501b730f64cafe12

    SHA1

    8e0a3e18b542e7cec52e219ab1443e64f56d7bcc

    SHA256

    13044ba760abf383e1197bc046a9fe7f84d36bb9c6dcdd503fcc8e0acfa427ce

    SHA512

    2c27fb659fa947894f9069cff15869a1cf323d663bf2fd4626eeb4b25d64ee24c8427e232f63c021c0d4a9511b82c5627fbfab0fd66b40eedf51c6b32b503482

  • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

    Filesize

    40B

    MD5

    0d383e4e1fa14accdc28f579002df9e8

    SHA1

    a0911c1b0e2d828542e2ac78303ec496efee51bf

    SHA256

    521fc4df911a4c962bd72fbd3b5df559e53f4ea738542616ee2aab6f949a6deb

    SHA512

    7943d9eeea9b976a6e43f49e44750e42169402d69b9c1f8596e28a3c6204532568587c5188af3b9a0cd77bf07df276f16c31f19b3061c3292dce3c5777173bb6