5bea53fb7d9e81769271fa18ed7564808a25b671db8f313103c7ccfb8f698df6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
Size

9.6MB
MD5

abc039bf3f68b87a6814e1738699b425
SHA1

d2ea1db4de88147ea0a3d6919617ea5b16d1edd2
SHA256

5bea53fb7d9e81769271fa18ed7564808a25b671db8f313103c7ccfb8f698df6
SHA512

0bd1a56f47cce491de711e0a720725fd8827b88a7d6afbfa81d816493e3f1589dd06bc397c7d6e32da75dfbc2bd2270adbdb177426cd6a5ea68a929c96c05cd1
SSDEEP

196608:jIEoP1HSsimvlG2Ms0tbYPvbJQlHJCsA58CPYuPTx+:gP1pimt2kJQlpCaud

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
4936	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
10	api.ipify.org
12	api.ipify.org

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 4936	3692	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe	85
PID 3692 wrote to memory of 4936	3692	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe	85
PID 3692 wrote to memory of 4936	3692	abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Users\Admin\AppData\Local\Temp\abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\abc039bf3f68b87a6814e1738699b425_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI36922\VCRUNTIME140.dll

Filesize
81KB

MD5
2ebf45da71bd8ef910a7ece7e4647173

SHA1
4ecc9c2d4abe2180d345f72c65758ef4791d6f06

SHA256
cf39e1e81f57f42f4d60abc1d30ecf7d773e576157aa88bbc1d672bf5ad9bb8b

SHA512
a5d3626553731f7dc70f63d086bd9367ea2c06ad8671e2578e1340af4c44189ecb46a51c88d64a4b082ce68160390c3f8d580dde3984cd254a408f1ef5b28457

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_bz2.pyd

Filesize
76KB

MD5
2002b2cc8f20ac05de6de7772e18f6a7

SHA1
b24339e18e8fa41f9f33005a328711f0a1f0f42d

SHA256
645665cf3338e7665e314f53fbbcb3c5d9174e90f3bf65ddbdc9c0cb24a5d40d

SHA512
253d0c005758fcb9e0980a01016a34073e7cdffb6253a2ba3d65a2bb82764638f4bd63d3f91a24effd5db60db59a8d28155e7d6892d5cc77c686f74bf0b05d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_ctypes.pyd

Filesize
113KB

MD5
c827a20fc5f1f4e0ef9431f29ebf03b4

SHA1
ee36cb853d79b0ba6b4e99b1ef2fbae840c5489d

SHA256
d500cff28678eced1fc4b3aeabecc0f3b30de735fdefe90855536bc29fc2cb4d

SHA512
d40b816cde6bdf6e46c379674c76f0991268bd1617b96a4e4f944b80e12692ce410e67e006b50b6a8cfaef96aacc6cb806280bac3aa18ee8690669702d01065c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_hashlib.pyd

Filesize
37KB

MD5
f9799b167c3e4ffee4629b4a4e2606f2

SHA1
37619858375b684e63bffb1b82cd8218a7b8d93d

SHA256
02dd924d4ebfbb8b5b0b66b6e6bb2388fccdad64d0493854a5443018ad5d1543

SHA512
1f273bb5d5d61970143b94696b14887faa5ed1d50742eccec32dbd87446d696ff683053542c3be13d6c00597e3631eb1366abb6f145d8cc14d653d542893001b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_lzma.pyd

Filesize
154KB

MD5
38c434afb2a885a95999903977dc3624

SHA1
57557e7d8de16d5a83598b00a854c1dde952ca19

SHA256
bfe6e288b2d93905f5cbb6d74e9c0fc37145b9225db6d1f00c0f69eb45afd051

SHA512
3e59b79c47cb022d7acec0af164c0225cd83588d5e7f8ca3e8a5dfae27510646391a1b08d86d5ee0b39d1b6bf08409d3758488df3c8cc4d458bed9faab7686e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_queue.pyd

Filesize
24KB

MD5
33a3af108a41c487d6eb6fbc0bbf54dc

SHA1
6b6dd40f7fb163fd2f6ea113dbec0316026b945d

SHA256
e7859d57a449ba5d5e78bef573d9ff4c68d3c9df692a04737f0737b340d2b618

SHA512
65a88ede3c9cd370dd0ba9c1b8676f252cdc14238a4d7b06c63634f255eec846856fd7248e6e00c04f335664687b91f96208278d1477653591841879f624dcbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_socket.pyd

Filesize
67KB

MD5
6b59705d8ac80437dd81260443912532

SHA1
d206d9974167eb60fb201f2b5bf9534167f9fb08

SHA256
62ed631a6ad09e96b4b6f4566c2afc710b3493795edee4cc14a9c9de88230648

SHA512
fa44386b9a305a1221ed79e1ca6d7edf7a8e288836b77cdca8793c82ebf74a0f28a3fc7ae49e14e87029642d81773d960c160c8b3bcb73e8a4ec9a2fd1cdc7fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_sqlite3.pyd

Filesize
67KB

MD5
49848ca2c6ed629a5fa24abab96e5ec9

SHA1
f69fc2f07a80ef7883319676b9c5c92d28aad57e

SHA256
c222806d471a71d0fd804162e5da3dc607973367819453c20119a5742eff5113

SHA512
f895354f7f0c573d32dbe71bac556a635a858bca4cc37e9495478842335d22494c4b1263b84757bec7854b64b545c8fd8e99e2970bdb0b417502ccdf5ad5130d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\_ssl.pyd

Filesize
139KB

MD5
e28ee2be9b3a27371685fbe8998e78f1

SHA1
fa01c1c07a206082ef7bf637be4ce163ff99e4ac

SHA256
80041ce67e372f1b44b501334590c659154870286d423c19f005382039b79476

SHA512
708e4069bafa9c5fb0d324e60cc81b1a3a442113f84a4e832a97b4196bee0a4a91f2e13239c91757512e1b42bb23166360ad44a5dce68316799aafc91e5bba04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\base_library.zip

Filesize
768KB

MD5
187c0494acc2d5f43121eaac358ffec3

SHA1
b942aafd2f62c73a5388db48415b2a708bb70dea

SHA256
fdc2311655bf91ea311600c906a5d5109dbefd9b527bd14079306b67573bdb7b

SHA512
5c6f812113df97c958ac69941972ebfe72d76ec8e2e02b7b651fe8cd7e7a2c41ffbfdbc8d409ba4327de5604b26302ad4ee507cfe16ef1f77258f1c6e02b7acd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\certifi\cacert.pem

Filesize
275KB

MD5
c760591283d5a4a987ad646b35de3717

SHA1
5d10cbd25ac1c7ced5bfb3d6f185fa150f6ea134

SHA256
1a14f6e1fd11efff72e1863f8645f090eec1b616614460c210c3b7e3c13d4b5e

SHA512
c192ae381008eaf180782e6e40cd51834e0233e98942bd071768308e179f58f3530e6e883f245a2630c86923dbeb68b624c5ec2167040d749813fedc37a6d1e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\libcrypto-1_1.dll

Filesize
2.1MB

MD5
aad424a6a0ae6d6e7d4c50a1d96a17fc

SHA1
4336017ae32a48315afe1b10ff14d6159c7923bc

SHA256
3a2dba6098e77e36a9d20c647349a478cb0149020f909665d209f548dfa71377

SHA512
aa4b74b7971cb774e4ae847a226cae9d125fadc7cde4f997b7564dff4d71b590dcbc06a7103451b72b2afe3517ab46d3be099c3620c3d591ccbd1839f0e8f94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\libssl-1_1.dll

Filesize
525KB

MD5
697766aba55f44bbd896cbd091a72b55

SHA1
d36492be46ea63ce784e4c1b0103ba21214a76fb

SHA256
44a228b3646eb3575abd5cbcb079e018de11ca6b838a29e4391893de69e0cf4b

SHA512
206957347540f1356d805bf4a2d062927e190481aadc105c3012e69623149850a846503fca30fc38298f74d7f8f69761fddd0aa7f5e31fedb1fa5e5c9de56e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\python38.dll

Filesize
3.9MB

MD5
c512c6ea9f12847d991ceed6d94bc871

SHA1
52e1ef51674f382263b4d822b8ffa5737755f7e7

SHA256
79545f4f3a658865f510ab7df96516f660e6e18fe12cadaaec3002b51fc29ef6

SHA512
e023a353d6f0267f367276344df5f2fdbc208f916ca87fa5b4310ea7edcac0a24837c23ab671fb4b15b109915dfd0e57fbe07593a764b3219312ed5737052822

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\select.pyd

Filesize
23KB

MD5
441299529d0542d828bafe9ac69c4197

SHA1
da31b9afb68ba6e2d40bbc8e1e25980c2afeb1b3

SHA256
973f851dfaf98617b3eb6fa38befeb7ede49bd993408917e207dc7ea399de326

SHA512
9f0fb359a4291d47b8dc0ec789c319637dde0f09e59408c4d7fd9265e51c978aa3ba7ea51ca9524833814bca9e7978d9817658655ee339191634d4ae5f426ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\sqlite3.dll

Filesize
1.1MB

MD5
44d7761c17b599f75c41bbf393eea3b1

SHA1
be23173eb5d6fb15a768cd2db2de1c45a84be888

SHA256
72045a1cbe25e35d8b8c3df1349c28137525c63ff5fc7e423af87940434f4cf1

SHA512
ec830ac8477902bbce50cc693d9dd1715a27b01ea4875399d5a9190e4d690dafe8dcfd4368393ebec8709389890832175048c332c555222ef12c316d4f2fe1d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36922\unicodedata.pyd

Filesize
1.0MB

MD5
a6d810b309ab234056f2ec5617afd5ca

SHA1
e11da3968d94b3358fbaf2c39d2a300ffc287dc6

SHA256
9b0b201f338c8c2844be144ac7622d38e3b85ec9c24c0ac128863820da8c41f6

SHA512
94b5bb2e3c430fcb5f9e1d83a3c56dee898afb7e872db5763a3bd05bd7a9b38bf017d71f71b692bc29801b5b2566cc19f91f8b100f48c81c0267d827620e1ab9

Download Submit