5c7e4b927889538272ab2f56bafa0cf9cd87973c3a388a1a9a7d2d11a0ee2071

Analysis

max time kernel
150s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe
Size

459KB
MD5

29fd98538352513258ce3e227557c0e8
SHA1

852f37b2eeed6245436a496d729b3aa7e5e14e68
SHA256

5c7e4b927889538272ab2f56bafa0cf9cd87973c3a388a1a9a7d2d11a0ee2071
SHA512

f240ec1c990fdf7ee3615e48d382e3d0422f7931e2febde458a01931d823e5335b7f2062fb705d233339df8df0ae5748032c0eede64ccf9cfd0df8c03931a8af
SSDEEP

12288:a3aOZZnaNk09pBKhWSzJmNoVqsd5yAi8YWeR+:a3aMZnSk09pCWSzvf4Ai8vU+

Score

9^/10

evasion spyware stealer upx

Malware Config

Signatures

Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
evasion

Software Discovery
T1518

Enumerates VirtualBox registry keys 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest	29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe
File created	C:\Windows\system32\drivers\etc\hosts	29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2732-0-0x0000000000430000-0x00000000004D4000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2732	29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe
2732	29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe"
1⤵
- Enumerates VirtualBox registry keys
- Drops file in Drivers directory
- Suspicious behavior: EnumeratesProcesses
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Software Discovery

T1518

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2732-0-0x0000000000430000-0x00000000004D4000-memory.dmp

Filesize
656KB

Download
memory/2732-1-0x0000000000E10000-0x0000000000E15000-memory.dmp

Filesize
20KB

Download
memory/2732-2-0x0000000000E10000-0x0000000000E15000-memory.dmp

Filesize
20KB

Download
memory/2732-3-0x0000000000430000-0x00000000004B3000-memory.dmp

Filesize
524KB

Download
memory/2732-4-0x0000000000430000-0x00000000004D4000-memory.dmp

Filesize
656KB

Download
memory/2732-6-0x0000000000430000-0x00000000004B3000-memory.dmp

Filesize
524KB

Download
memory/2732-7-0x0000000000430000-0x00000000004D4000-memory.dmp

Filesize
656KB

Download
memory/2732-9-0x0000000000430000-0x00000000004D4000-memory.dmp

Filesize
656KB

Download
memory/2732-11-0x0000000000430000-0x00000000004D4000-memory.dmp

Filesize
656KB

Download
memory/2732-17-0x0000000000430000-0x00000000004D4000-memory.dmp

Filesize
656KB

Download
memory/2732-19-0x0000000000430000-0x00000000004D4000-memory.dmp

Filesize
656KB

Download
memory/2732-21-0x0000000000430000-0x00000000004D4000-memory.dmp

Filesize
656KB

Download