b2e1b53757d09544534d165903eefb0c0f394d0da51e2bf4b2417fdc294d7b44

Analysis

max time kernel
63s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 12:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

22708427d878c9139b7245db6e3b6b9c_JaffaCakes118.exe
Size

181KB
MD5

22708427d878c9139b7245db6e3b6b9c
SHA1

f1f96d3beb4d2f9be3e94400f0df0541b5a646af
SHA256

b2e1b53757d09544534d165903eefb0c0f394d0da51e2bf4b2417fdc294d7b44
SHA512

2230c36b433e142ef6dcf70faa1efe6603376584b7b485fc6d4fa3ab8acefcb7601021b540d4b675e6b998034d6d26b79e3221f35fea322cf276de28289a60b9
SSDEEP

3072:OXcRoHSZOnFGJxMiTmgObSbrkQhu4HJXJP/RBCGbBpnENfqbsF84V/3U:acRVQFGnNMbc7XlJBCYpnmysHPU

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Runs net.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2256	2508	22708427d878c9139b7245db6e3b6b9c_JaffaCakes118.exe	81
PID 2508 wrote to memory of 2256	2508	22708427d878c9139b7245db6e3b6b9c_JaffaCakes118.exe	81
PID 2508 wrote to memory of 2256	2508	22708427d878c9139b7245db6e3b6b9c_JaffaCakes118.exe	81
PID 2256 wrote to memory of 4000	2256	net.exe	83
PID 2256 wrote to memory of 4000	2256	net.exe	83
PID 2256 wrote to memory of 4000	2256	net.exe	83

C:\Users\Admin\AppData\Local\Temp\22708427d878c9139b7245db6e3b6b9c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\22708427d878c9139b7245db6e3b6b9c_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\net.exe
  net stop SharedAccess
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop SharedAccess
    3⤵
    PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2508-0-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2508-1-0x0000000002090000-0x0000000002092000-memory.dmp

Filesize
8KB

Download
memory/2508-2-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/2508-3-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2508-4-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2508-5-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2508-6-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/2508-7-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2508-8-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2508-9-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2508-10-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2508-12-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download