Overview

overview

10

Static

static

10

afd0fd73b6...18.exe

windows7-x64

10

afd0fd73b6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    15-06-2024 18:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    afd0fd73b658168e31480fa3f0fef267_JaffaCakes118.exe

  • Size

    92KB

  • MD5

    afd0fd73b658168e31480fa3f0fef267

  • SHA1

    a2579217dd963ac5a5d474bac08085c632124cfe

  • SHA256

    70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2

  • SHA512

    d773200722ce9f3cd2fa15dfca5d18368b3df6d2cb70a62e8d4f251a1228b253fdf2ecaeb457c1a7192e328686ee385c55246ebc48fed68231c518602c689c4a

  • SSDEEP

    1536:7cGDF4pwt9RRnllg3VsH/KPqRwmcUet/s7wOHUN4ZKBvfdcPJvh90:IGDARVsH/KPq6mDELO0Ogw0

Score
10/10
poullightspywarestealertrojan

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

    trojanstealerpoullight
  • Poullight Stealer payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\afd0fd73b658168e31480fa3f0fef267_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\afd0fd73b658168e31480fa3f0fef267_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:468

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ww3nsua0uid05xhgptg
    Filesize

    92KB

    MD5

    f5582ab8cd4909e3531c32d3a28f156e

    SHA1

    40402c9af7fcff602e5efb662a08a3577b019379

    SHA256

    da23680ac69b11618f023c43695198e3ab7ace6b831fd2e189d81d15aa333ad6

    SHA512

    1f1a3bf4b03621518013f064c777e56eb6594e53e39e589f7c274993cc188c3b800986a5d6b15131e64c3b76b74af7d68ef43ae29794db0b8e3ec9862382195f

    Download Submit
  • memory/468-0-0x000007FEF52A3000-0x000007FEF52A4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/468-1-0x0000000000990000-0x00000000009AE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/468-2-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/468-75-0x000007FEF52A3000-0x000007FEF52A4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/468-76-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
    Filesize

    9.9MB

    Download