Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 20-06-2024 02:31
Static task: static1
Behavioral task: behavioral1
Sample: 020ebc6458731ea5132990ba59516bfb_JaffaCakes118.exe
Resource: win7-20240508-en

General
Target: 020ebc6458731ea5132990ba59516bfb_JaffaCakes118.exe
Size: 591KB
MD5: 020ebc6458731ea5132990ba59516bfb
SHA1: 48293e02e8efcc4db69c0440f3fd3bd45fc9817f
SHA256: b67f4f25d5d2ed6c605ca204f28d94c0364e858e09539d9608a6e61452939f15
SHA512: dd48d851cd3d59f372e4ed673d5fff1bd8b7be703338568ea414f36d7023c67df93ecf9ebf550185089ce6cc13d65a885ee5b8cfd9b802f6704e8d00bc1f9233
SSDEEP: 12288:j862Oi5XQhEeZHauP0MbadCGA7yeREK14sCbWFL2oQ2PXVo8C:j862Oi5XQhEeZHNbadWye74sCbjmC
Malware Config
Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

Suspicious use of SetThreadContext (1 IoC)
description              pid   target  process                                              procid_target
set thread context of    2428  1960    020ebc6458731ea5132990ba59516bfb_JaffaCakes118.exe   28

Suspicious use of WriteProcessMemory (17 IoCs)
description              pid   target  process                                              procid_target  count
wrote to memory of       2428  1960    020ebc6458731ea5132990ba59516bfb_JaffaCakes118.exe   28             13
wrote to memory of       1960  1736    020ebc6458731ea5132990ba59516bfb_JaffaCakes118.exe   31             4

The report lists each WriteProcessMemory call as its own row; the two rows above are the 17 rows grouped by source and target. The combination on PID 2428 (thirteen writes into a child running the same image, then one SetThreadContext on that child) is the call pattern of process hollowing or self-injection: the parent overwrites the suspended child's memory and redirects its thread to the new code.
Processes

1. C:\Users\Admin\AppData\Local\Temp\020ebc6458731ea5132990ba59516bfb_JaffaCakes118.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\020ebc6458731ea5132990ba59516bfb_JaffaCakes118.exe"
   PID: 2428
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\020ebc6458731ea5132990ba59516bfb_JaffaCakes118.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\020ebc6458731ea5132990ba59516bfb_JaffaCakes118.exe"
      PID: 1960
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\SysWOW64\cmd.exe
         command line: cmd /c C:\Users\Admin\AppData\Local\Temp\777.bat
         PID: 1736

The sample re-launches its own executable (PID 2428 -> PID 1960) and injects into that child, which is what the SetThreadContext and WriteProcessMemory signatures record. The injected instance then runs C:\Users\Admin\AppData\Local\Temp\777.bat through the 32-bit cmd.exe under SysWOW64, consistent with the arch:x86 tag on the run.
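The SetThreadContext and WriteProcessMemory rows above can be correlated mechanically into a hollowing verdict. The following is an added example, not part of the sandbox report or its tooling; the IoC lines and the PID-to-image map are constructed here from the report's signature tables and process tree, and the flagging rule (same source and target PID seen with both a memory write and a thread-context change) is the example's own heuristic.

```python
"""Correlate sandbox API-call IoC rows into a process-hollowing finding.

Added example. The input rows are constructed from the report's
SetThreadContext and WriteProcessMemory tables; the heuristic is the
example author's, not the sandbox's.
"""
import re
from collections import Counter, defaultdict

SAMPLE = "020ebc6458731ea5132990ba59516bfb_JaffaCakes118.exe"

# Constructed from the report: the WriteProcessMemory table repeats the
# 2428 -> 1960 row 13 times and the 1960 -> 1736 row 4 times.
IOC_LINES = (
    [f"PID 2428 set thread context of 1960 2428 {SAMPLE} 28"]
    + [f"PID 2428 wrote to memory of 1960 2428 {SAMPLE} 28"] * 13
    + [f"PID 1960 wrote to memory of 1736 1960 {SAMPLE} 31"] * 4
)

# Constructed from the report's process tree (PID -> image name).
PROCESS_IMAGES = {2428: SAMPLE, 1960: SAMPLE, 1736: "cmd.exe"}

# Row layout in the report: "PID <pid> <action> <target> <pid> <image> <procid_target>"
ROW = re.compile(
    r"PID (\d+) (set thread context of|wrote to memory of) (\d+) (\d+) (\S+) (\d+)$"
)
ACTION_NAME = {"set thread context of": "SetThreadContext",
               "wrote to memory of": "WriteProcessMemory"}


def parse_rows(lines):
    """Turn the flattened signature rows into dicts; unparseable lines are skipped."""
    rows = []
    for line in lines:
        m = ROW.match(line.strip())
        if not m:
            continue
        pid, action, target, _pid_again, image, procid = m.groups()
        rows.append({
            "pid": int(pid),
            "action": ACTION_NAME[action],
            "target": int(target),
            "image": image,
            "procid_target": int(procid),
        })
    return rows


def summarize(rows):
    """Count calls per (source pid, API, target pid), which is how an analyst
    would read the 17 identical-looking WriteProcessMemory rows."""
    return Counter((r["pid"], r["action"], r["target"]) for r in rows)


def find_hollowing(rows, process_images):
    """Flag (source, target) pairs where the source both wrote the target's
    memory and changed its thread context. same_image is True when the target
    runs the same executable as the source, i.e. self-injection."""
    actions = defaultdict(set)
    for r in rows:
        actions[(r["pid"], r["target"])].add(r["action"])
    findings = []
    for (src, dst), acts in actions.items():
        if {"SetThreadContext", "WriteProcessMemory"} <= acts:
            findings.append({
                "source": src,
                "target": dst,
                "same_image": process_images.get(src) == process_images.get(dst),
            })
    return findings


if __name__ == "__main__":
    parsed = parse_rows(IOC_LINES)
    for key, n in sorted(summarize(parsed).items()):
        print(f"{key[0]} -{key[1]}-> {key[2]}: {n}")
    for f in find_hollowing(parsed, PROCESS_IMAGES):
        print("hollowing candidate:", f)
```

Run as written, the script reports 2428 -> 1960 as a self-injection candidate. The 1960 -> 1736 writes into cmd.exe are counted but not flagged, because the report shows no SetThreadContext on that pair; a parent writing into a freshly created child without redirecting a thread is not, on its own, the hollowing pattern.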
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1 (the submitted sample; hashes match the General section)
Filesize: 591KB
MD5: 020ebc6458731ea5132990ba59516bfb
SHA1: 48293e02e8efcc4db69c0440f3fd3bd45fc9817f
SHA256: b67f4f25d5d2ed6c605ca204f28d94c0364e858e09539d9608a6e61452939f15
SHA512: dd48d851cd3d59f372e4ed673d5fff1bd8b7be703338568ea414f36d7023c67df93ecf9ebf550185089ce6cc13d65a885ee5b8cfd9b802f6704e8d00bc1f9233

File 2 (not named in the report)
Filesize: 175B
MD5: 44d8d4b5f98cd5f251ffa57582d5a066
SHA1: 471b297aadc3b7019d7bc96200260d08ee877cce
SHA256: 94f6295673b2239f543a7bcc6c33947c90d5773bd9e44bcc2fadd059ce138df2
SHA512: a140d26f5002a11721955b433ca99ff76ff428b8c22124fd08489e3644d71bc4224cc0b35f471cb2b20d74faea1a4af763385d3f78769f203fddb232d75bc9e3