abe206d59751496351baa7b7b6408c1263bee203cfddcaf7d48e31f62a0b4939

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f638bbf1afac418ff54d0b41fb46f94_JaffaCakes118.exe
Size

567KB
MD5

2f638bbf1afac418ff54d0b41fb46f94
SHA1

666f45633710b57a9350a8ce2f534d505245dd37
SHA256

abe206d59751496351baa7b7b6408c1263bee203cfddcaf7d48e31f62a0b4939
SHA512

cfb81c94749848047e1fb62195517b1aff30880ec170e76c9ce85683d75803c9ff0e38168b21bfe2fc92d428948bd769ced6c81dcfbe8290e214dea63f935e1c
SSDEEP

12288:+OLtXrAYDLH9tK1q5mUo4K55Ke4ao4X0k/NBcDOnH:TUYD7fKkIcKjKvBGnnH

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1952	2f638bbf1afac418ff54d0b41fb46f94_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1952	2f638bbf1afac418ff54d0b41fb46f94_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2f638bbf1afac418ff54d0b41fb46f94_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2f638bbf1afac418ff54d0b41fb46f94_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1952-3-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-12-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-19-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-46-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-73-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-111-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-139-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-165-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-215-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-242-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-267-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-90-0x0000000077C90000-0x0000000077C91000-memory.dmp

Filesize
4KB

Download
memory/1952-278-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-288-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-287-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-286-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-254-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-292-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-227-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-191-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-190-0x0000000077C90000-0x0000000077C91000-memory.dmp

Filesize
4KB

Download
memory/1952-189-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-188-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-181-0x0000000077C90000-0x0000000077C91000-memory.dmp

Filesize
4KB

Download
memory/1952-178-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-152-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-127-0x0000000077C90000-0x0000000077C91000-memory.dmp

Filesize
4KB

Download
memory/1952-125-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-98-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-87-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-80-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-78-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-75-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-71-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-69-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-67-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-64-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-62-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-60-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-57-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-55-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-50-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-51-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-47-0x0000000077C90000-0x0000000077C91000-memory.dmp

Filesize
4KB

Download
memory/1952-44-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-42-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-38-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-36-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-34-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-31-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-28-0x0000000077C90000-0x0000000077C91000-memory.dmp

Filesize
4KB

Download
memory/1952-25-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-26-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-23-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-18-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-16-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-13-0x0000000077C90000-0x0000000077C91000-memory.dmp

Filesize
4KB

Download
memory/1952-9-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-7-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-4-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/1952-0-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download