Overview

overview

8

Static

static

3

0e5a29d950...18.exe

windows7-x64

8

0e5a29d950...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 14:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0e5a29d95099fc1680911db841b2fc87_JaffaCakes118.exe

  • Size

    326KB

  • MD5

    0e5a29d95099fc1680911db841b2fc87

  • SHA1

    62d5dfa6215b275fd4e79687160274ddc6a760db

  • SHA256

    9726ded4f6c531cb2426322abea6f9ae20a9dcd47b6caa1750083baa35c0a569

  • SHA512

    793049c64d94a0ef4841fdb0cf0ad13d0a4b89e97b1b95e50ea6a943c5b0e9aaa99101b07ec0b971742aa90e9363b3caeaee3b45ba6eb0eb451020f6b5fcc405

  • SSDEEP

    6144:Gnq4v69OavMU01GhSvoWSJSFG0u01L0N6yVeO9dJQ4QXgShhWjhi:zyJ91GS1vkJw0NuodhChw

Score
8/10
evasionspywarestealer

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e5a29d95099fc1680911db841b2fc87_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0e5a29d95099fc1680911db841b2fc87_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2056
  • C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    1⤵
      PID:2592

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2056-7-0x00000000008E0000-0x0000000000926000-memory.dmp

            Filesize

            280KB

            Download

          • memory/2056-6-0x0000000000110000-0x0000000000111000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2056-8-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-10-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-11-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-12-0x00000000008E0000-0x0000000000926000-memory.dmp

            Filesize

            280KB

            Download

          • memory/2056-13-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-14-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-15-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-16-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-17-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-18-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-19-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-20-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-21-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-22-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download

          • memory/2056-23-0x00000000008E0000-0x0000000000935360-memory.dmp

            Filesize

            340KB

            Download