Overview

overview

9

Static

static

7

2bb3627155...18.exe

windows7-x64

9

2bb3627155...18.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 08:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe

  • Size

    612KB

  • MD5

    2bb36271555dc384731a184f30ad0361

  • SHA1

    7f90fb02f8ea12d9cf88db7dbeab905078ab0b17

  • SHA256

    409d302c26b6b825cac87a7568421531c399c7e4454ce4316f97ae6245f05804

  • SHA512

    6c32c1f9e5a58fee56fc0dd7cee2ade7a826cb32ff871d9709ac9bafeb763a98ec211ec7dfcf23107454d27cc6c1dbde014291ba690a2e7e45952eaa4b88ce68

  • SSDEEP

    12288:I9RhZOZMNfxkqo6pLcAKHIZ7hP576qLwkPjMj7QYrSqSgUIwT:I9RTNf5o61c8pT76qL1gYOSflT

Score
9/10
collectionspywarestealerupx

Malware Config

Signatures

  • NirSoft MailPassView 3 IoCs

    Password recovery tool for various email clients

  • Nirsoft 25 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 42 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
    collection
  • Suspicious use of SetThreadContext 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3632
    • C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe
      /stext "C:\Users\Admin\AppData\Local\Temp\offc.dat"
      2⤵
        PID:3164
      • C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe
        /stext "C:\Users\Admin\AppData\Local\Temp\mess.dat"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2544
      • C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe
        /stext "C:\Users\Admin\AppData\Local\Temp\mail.dat"
        2⤵
        • Accesses Microsoft Outlook accounts
        PID:3664
      • C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe
        /stext "C:\Users\Admin\AppData\Local\Temp\dial.dat"
        2⤵
          PID:1208
        • C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe
          /stext "C:\Users\Admin\AppData\Local\Temp\chro.dat"
          2⤵
            PID:3404
          • C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe
            /stext "C:\Users\Admin\AppData\Local\Temp\iexp.dat"
            2⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2572
          • C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe
            /stext "C:\Users\Admin\AppData\Local\Temp\ptsg.dat"
            2⤵
              PID:3140
            • C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe
              /stext "C:\Users\Admin\AppData\Local\Temp\ffox.dat"
              2⤵
                PID:224
              • C:\Users\Admin\AppData\Local\Temp\2bb36271555dc384731a184f30ad0361_JaffaCakes118.exe
                /stext "C:\Users\Admin\AppData\Local\Temp\opra.dat"
                2⤵
                  PID:2988

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\dial.dat
                Filesize

                2B

                MD5

                f3b25701fe362ec84616a93a45ce9998

                SHA1

                d62636d8caec13f04e28442a0a6fa1afeb024bbb

                SHA256

                b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                SHA512

                98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\offc.dat
                Filesize

                723B

                MD5

                49f7a5322666e4439125edf0c8b35f59

                SHA1

                5e53442f2b9915d71f5cb874ffddb04e1be85ec8

                SHA256

                b76f21060c86e1d851fe1dac626f1f9bb5b1bc42b63529b6f5050beab67c7957

                SHA512

                b1d603cc32e8bf4adf33bd4b8863b3c6f303d1f95b499d9df4e06bbd649c1a2fa98afa3c058092bcf5fa7f82d6fc5ec8f3effafa2ed771014a68b68b6678ff9d

                Download Submit

              • memory/224-66-0x0000000000400000-0x0000000000419000-memory.dmp

                Filesize

                100KB

                Download

              • memory/224-62-0x0000000000400000-0x0000000000419000-memory.dmp

                Filesize

                100KB

                Download

              • memory/224-59-0x0000000000400000-0x0000000000419000-memory.dmp

                Filesize

                100KB

                Download

              • memory/224-61-0x0000000000400000-0x0000000000419000-memory.dmp

                Filesize

                100KB

                Download

              • memory/1208-28-0x0000000000400000-0x0000000000418000-memory.dmp

                Filesize

                96KB

                Download

              • memory/1208-31-0x0000000000400000-0x0000000000418000-memory.dmp

                Filesize

                96KB

                Download

              • memory/1208-30-0x0000000000400000-0x0000000000418000-memory.dmp

                Filesize

                96KB

                Download

              • memory/1208-36-0x0000000000400000-0x0000000000418000-memory.dmp

                Filesize

                96KB

                Download

              • memory/1208-32-0x0000000000400000-0x0000000000418000-memory.dmp

                Filesize

                96KB

                Download

              • memory/2544-16-0x0000000000400000-0x0000000000425000-memory.dmp

                Filesize

                148KB

                Download

              • memory/2544-11-0x0000000000400000-0x0000000000425000-memory.dmp

                Filesize

                148KB

                Download

              • memory/2544-18-0x0000000000400000-0x0000000000425000-memory.dmp

                Filesize

                148KB

                Download

              • memory/2544-15-0x0000000000400000-0x0000000000425000-memory.dmp

                Filesize

                148KB

                Download

              • memory/2544-14-0x0000000000400000-0x0000000000425000-memory.dmp

                Filesize

                148KB

                Download

              • memory/2572-51-0x0000000000400000-0x000000000041B000-memory.dmp

                Filesize

                108KB

                Download

              • memory/2572-49-0x0000000000400000-0x000000000041B000-memory.dmp

                Filesize

                108KB

                Download

              • memory/2572-54-0x0000000000400000-0x000000000041B000-memory.dmp

                Filesize

                108KB

                Download

              • memory/2572-50-0x0000000000400000-0x000000000041B000-memory.dmp

                Filesize

                108KB

                Download

              • memory/2988-73-0x0000000000400000-0x0000000000419000-memory.dmp

                Filesize

                100KB

                Download

              • memory/2988-68-0x0000000000400000-0x0000000000419000-memory.dmp

                Filesize

                100KB

                Download

              • memory/2988-69-0x0000000000400000-0x0000000000419000-memory.dmp

                Filesize

                100KB

                Download

              • memory/2988-70-0x0000000000400000-0x0000000000419000-memory.dmp

                Filesize

                100KB

                Download

              • memory/3140-58-0x0000000000400000-0x0000000000410000-memory.dmp

                Filesize

                64KB

                Download

              • memory/3140-56-0x0000000000400000-0x0000000000410000-memory.dmp

                Filesize

                64KB

                Download

              • memory/3140-55-0x0000000000400000-0x0000000000410000-memory.dmp

                Filesize

                64KB

                Download

              • memory/3164-6-0x0000000000400000-0x0000000000418000-memory.dmp

                Filesize

                96KB

                Download

              • memory/3164-5-0x0000000000400000-0x0000000000418000-memory.dmp

                Filesize

                96KB

                Download

              • memory/3164-3-0x0000000000400000-0x0000000000418000-memory.dmp

                Filesize

                96KB

                Download

              • memory/3164-9-0x0000000000400000-0x0000000000418000-memory.dmp

                Filesize

                96KB

                Download

              • memory/3164-7-0x0000000000400000-0x0000000000418000-memory.dmp

                Filesize

                96KB

                Download

              • memory/3404-38-0x0000000000400000-0x000000000043E000-memory.dmp

                Filesize

                248KB

                Download

              • memory/3404-42-0x0000000000400000-0x000000000043E000-memory.dmp

                Filesize

                248KB

                Download

              • memory/3404-47-0x0000000000400000-0x000000000043E000-memory.dmp

                Filesize

                248KB

                Download

              • memory/3404-45-0x0000000000440000-0x0000000000509000-memory.dmp

                Filesize

                804KB

                Download

              • memory/3404-43-0x0000000000400000-0x000000000043E000-memory.dmp

                Filesize

                248KB

                Download

              • memory/3404-41-0x0000000000400000-0x000000000043E000-memory.dmp

                Filesize

                248KB

                Download

              • memory/3404-40-0x0000000000400000-0x000000000043E000-memory.dmp

                Filesize

                248KB

                Download

              • memory/3632-0-0x0000000000400000-0x00000000004AF000-memory.dmp

                Filesize

                700KB

                Download

              • memory/3632-60-0x0000000000400000-0x00000000004AF000-memory.dmp

                Filesize

                700KB

                Download

              • memory/3632-75-0x0000000000400000-0x00000000004AF000-memory.dmp

                Filesize

                700KB

                Download

              • memory/3664-27-0x0000000000400000-0x000000000041F000-memory.dmp

                Filesize

                124KB

                Download

              • memory/3664-22-0x0000000000400000-0x000000000041F000-memory.dmp

                Filesize

                124KB

                Download

              • memory/3664-23-0x0000000000400000-0x000000000041F000-memory.dmp

                Filesize

                124KB

                Download

              • memory/3664-24-0x0000000000400000-0x000000000041F000-memory.dmp

                Filesize

                124KB

                Download

              • memory/3664-21-0x0000000000400000-0x000000000041F000-memory.dmp

                Filesize

                124KB

                Download

              • memory/3664-19-0x0000000000400000-0x000000000041F000-memory.dmp

                Filesize

                124KB

                Download