Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 25-06-2024 04:49
Static task: static1
Behavioral task: behavioral1
- Sample: 0c9f92e381709c176eb2ebd0263ac3fc_JaffaCakes118.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 0c9f92e381709c176eb2ebd0263ac3fc_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
General
- Target: 0c9f92e381709c176eb2ebd0263ac3fc_JaffaCakes118.exe
- Size: 18KB
- MD5: 0c9f92e381709c176eb2ebd0263ac3fc
- SHA1: 36991426a89416bfc5b1d926a956104a1d4aded3
- SHA256: a4ee22697e85e57d8d8c73a278d83801022592f5ae15986a3df8ab7ad4d75ecd
- SHA512: d32c63c8e4161713716a5fd6820cb182e10d4a900b92cd237641630352a89a606bcec7a4a8ae7ab5feced3ca214c9929a6d5805f77e916a4cf78baa6ac22d9c5
- SSDEEP: 384:5r3keEG5NS3aUEcIIx/j91BH/98q05xT4kstbmgzQLZk:5r3keEGLS3LEgjxV8xxT4zBmg
Malware Config
Signatures
- Reads data files stored by FTP clients (2 TTPs)
  Tries to access configuration files associated with programs like FileZilla.
- Reads local data of messenger clients (2 TTPs)
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description       | ioc                                                                                    | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      | 0c9f92e381709c176eb2ebd0263ac3fc_JaffaCakes118.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  | 0c9f92e381709c176eb2ebd0263ac3fc_JaffaCakes118.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier           | 0c9f92e381709c176eb2ebd0263ac3fc_JaffaCakes118.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid  | Process
  2340 | 0c9f92e381709c176eb2ebd0263ac3fc_JaffaCakes118.exe
  2340 | 0c9f92e381709c176eb2ebd0263ac3fc_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: 0b638179fe78027620fe2e66c5d5ef7f
  SHA1: f7954fc01f1f376f41e063ad467667b1a6525681
  SHA256: 381741a961d996facf1e33300e1f05ce77317cc330866b64d8399d1918de6765
  SHA512: e8ae5e23420621c955b21ce78c71c7478d9a6c3fbed65c418169479ff0843c13051f0e686a11ad909d5831ad618cd844cd610fbe4c8320bbf08d7910d560baed