Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-07-2024 15:52
Static task: static1
Behavioral task: behavioral1
  Sample: 22edadd8c4cbf1aa564cc1aadb0577f4_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 22edadd8c4cbf1aa564cc1aadb0577f4_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 22edadd8c4cbf1aa564cc1aadb0577f4_JaffaCakes118.exe
Size: 421KB
MD5: 22edadd8c4cbf1aa564cc1aadb0577f4
SHA1: 78a04cd87ba1c935cfd691e8cfaab141b24dedb5
SHA256: 1a39c7f365d22bf7f3d359fdeeed9bc542aaf2e041db90c82ed9d0b2aa3ff3b6
SHA512: 7f4ae4d8db12c6e4fcd7561bb2aae51654f5048af58ed9d0be31209a6c0bac6b269bdebe595d78755f916a406d0370bd6c6c9340d3765fb713d8c357d0a35554
SSDEEP: 12288:qIWNziYgBAV/X/bDo+AJwzGMy2ka0ONXdA1606:aziYga/vbLIwzGtONK4
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.
YARA rule matches (rule: upx) on memory dumps of the behavioral2 run, all taken from pid 2472 over the image range 0x0000000000400000-0x00000000004F5000:
resource | yara_rule
behavioral2/memory/2472-2-0x0000000000400000-0x00000000004F5000-memory.dmp | upx
behavioral2/memory/2472-3-0x0000000000400000-0x00000000004F5000-memory.dmp | upx
behavioral2/memory/2472-7-0x0000000000400000-0x00000000004F5000-memory.dmp | upx
behavioral2/memory/2472-12-0x0000000000400000-0x00000000004F5000-memory.dmp | upx
behavioral2/memory/2472-13-0x0000000000400000-0x00000000004F5000-memory.dmp | upx
Adds Run key to start application (2 TTPs, 1 IoC)
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\PromoReg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\22edadd8c4cbf1aa564cc1aadb0577f4_JaffaCakes118.exe" | 22edadd8c4cbf1aa564cc1aadb0577f4_JaffaCakes118.exe
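Two details of that IoC matter for detection: the sample registers its own image, still sitting in the user's Temp directory, and the value landed under WOW6432Node, which is where 64-bit Windows redirects HKLM\SOFTWARE writes coming from 32-bit processes, so a rule keyed only on the native Run path never sees it. The following Python is an added example, not part of this report or of the sandbox's own tooling: it triages registry set-value records of the shape shown above, normalizing the kernel-style \REGISTRY\MACHINE prefix, matching Run and RunOnce under both registry views (and per-user keys under HKU, which goes beyond this report), and flagging entries whose target lives in a staging directory or is the writer's own executable. Of the sample events, only the first reproduces the report's IoC; the other two are constructed, and STAGING_DIRS is a hand-picked list.

```python
import ntpath
import re

# Constructed sample events in the shape of the report's "Set value (str)" rows
# (kernel-style key path, value written, writing process). The first reproduces
# the IoC from this report; the other two are made up here to exercise the checks.
SAMPLE_EVENTS = [
    {"pid": 2472,
     "process": "22edadd8c4cbf1aa564cc1aadb0577f4_JaffaCakes118.exe",
     "key": r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\PromoReg",
     "value": r"C:\Users\Admin\AppData\Local\Temp\22edadd8c4cbf1aa564cc1aadb0577f4_JaffaCakes118.exe"},
    {"pid": 4100,  # constructed benign-looking per-user entry
     "process": "OneDriveSetup.exe",
     "key": r"\REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "value": r'"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    {"pid": 5200,  # constructed non-autorun write, must be ignored
     "process": "msiexec.exe",
     "key": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example\DisplayName",
     "value": "Example"},
]

# Object-manager prefixes as logged by the sandbox, mapped to the usual hive names.
NATIVE_HIVES = ((r"\REGISTRY\MACHINE", "HKLM"), (r"\REGISTRY\USER", "HKU"))

# Run / RunOnce value under either registry view. The optional WOW6432Node segment
# is what lets the rule see writes redirected from 32-bit processes on x64 Windows.
RUN_KEY_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\S-1-5-[0-9-]+)\\SOFTWARE\\(?P<wow>WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\(?P<kind>Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Hand-picked directories a dropper typically runs from (assumption, not from the report).
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\", "\\downloads\\")


def normalize_key(key: str) -> str:
    """Rewrite \\REGISTRY\\MACHINE\\... and \\REGISTRY\\USER\\... to HKLM\\... and HKU\\..."""
    for native, hive in NATIVE_HIVES:
        if key.upper().startswith(native.upper()):
            return hive + key[len(native):]
    return key


def image_from_command(value: str) -> str:
    """Pull the executable path out of a Run value, which may be quoted and carry arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = re.match(r"^(.*?\.exe)(?:\s|$)", value, re.IGNORECASE)
    return m.group(1) if m else value.split(" ")[0]


def analyze_event(event: dict):
    """Return a finding for a Run/RunOnce write, or None if the key is not an autorun location."""
    m = RUN_KEY_RE.match(normalize_key(event["key"]))
    if not m:
        return None
    image = image_from_command(event["value"])
    reasons = []
    if any(d in image.lower() for d in STAGING_DIRS):
        reasons.append("autorun target lives in a temp/staging directory")
    # ntpath handles backslash paths regardless of the host OS running this script
    if ntpath.basename(image).lower() == ntpath.basename(event["process"]).lower():
        reasons.append("writer registered its own image (self-persistence)")
    return {
        "pid": event["pid"],
        "process": event["process"],
        "hive": m.group("hive"),
        "wow64": m.group("wow") is not None,
        "kind": m.group("kind"),
        "name": m.group("name"),
        "image": image,
        "reasons": reasons,
    }


def triage(events):
    """All autorun writes among the events, the ones with the most reasons first."""
    findings = [f for f in (analyze_event(e) for e in events) if f]
    return sorted(findings, key=lambda f: -len(f["reasons"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        verdict = "SUSPICIOUS" if f["reasons"] else "review"
        view = "WOW6432Node" if f["wow64"] else "native"
        print(f"[{verdict}] pid {f['pid']} {f['process']} -> "
              f"{f['hive']}\\...\\{f['kind']}\\{f['name']} ({view}) = {f['image']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run against the sample events, the report's row comes out with both reasons set and wow64 true, the constructed OneDrive entry is listed for review without reasons, and the Uninstall write is ignored. Feeding it real data means mapping your source's field names (for Sysmon Event ID 13 that is TargetObject, Details and Image) onto key, value and process.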
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
2472 | 22edadd8c4cbf1aa564cc1aadb0577f4_JaffaCakes118.exe
2472 | 22edadd8c4cbf1aa564cc1aadb0577f4_JaffaCakes118.exe