Analysis
- max time kernel: 143s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-06-2024 06:57
- Static task: static1
- Behavioral task: behavioral1
- Sample: a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe
- Resource: win7-20240508-en
General
- Target: a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe
- Size: 715KB
- MD5: a86ba7b2d74e7d734c30d96d839fa093
- SHA1: 29ded5b62254cb3e2858953d27beb5599a451a88
- SHA256: 16e5c3b11d202d74cc723470ce9d68e9c166ebd1d4f7bac9ab782b910d17e2dc
- SHA512: c873206cb541605656db650868c0f99c9717be31a79e7826e91e9775fcf807d3cb90d16604f54743e4dcd4a0e3652b3d91dae1ebf857f8d437317bfa006d43ec
- SSDEEP: 12288:/4Vcmjo5jAHA1Gzx2I38fuglVdqz2HpBkhjr5Kq0FOt:/N2oRq4LllVAzGyjr5KFs
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes: PID 400, umypQ1hCsK.exe
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension (1 IoC)
  Processes: umypQ1hCsK.exe
  IoC: File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\liapedcpjfogjakipkplljngomamaiik\1.0\manifest.json
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description | pid | Process | procid_target), the same entry reported three times:
  PID 4008 wrote to memory of 400 | 4008 | a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe | 91
Processes
- C:\Users\Admin\AppData\Local\Temp\a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe"
  PID: 4008
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe (depth 2, child of PID 4008)
    Command line: "C:\Users\Admin\AppData\Local\Temp/00294823/umypQ1hCsK.exe"
    PID: 400
    Signatures: Executes dropped EXE; Drops Chrome extension
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4232,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
  PID: 1456
Network
MITRE ATT&CK Enterprise v15
Downloads