153112ede14a1db97ababcf8af9522bb6958cee9269a9cef09fd23d34846aefe

Analysis

max time kernel
94s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34717edb162c6cabf5b3404de905bf1e_JaffaCakes118.exe
Size

224KB
MD5

34717edb162c6cabf5b3404de905bf1e
SHA1

9d4d6ceec22e71d9f1d39d85ff000d73be85ee7e
SHA256

153112ede14a1db97ababcf8af9522bb6958cee9269a9cef09fd23d34846aefe
SHA512

7c48ea9aa4301bb5f38589d79c4556dec9718ad80bf49e4cdbd6a54ab5333c6d75cb32d39535519e56b32df0d1badb43fc27061aac0b10829f71908ae7560e47
SSDEEP

6144:33H6hp7qQ7X2B3Vx9BkeUsRd8aUiESv1JVFOdDo:336hp7q73/rkeUs38OFJb

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2688	34717edb162c6cabf5b3404de905bf1e_JaffaCakes118.exe
2688	34717edb162c6cabf5b3404de905bf1e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 3008	2688	34717edb162c6cabf5b3404de905bf1e_JaffaCakes118.exe	83
PID 2688 wrote to memory of 3008	2688	34717edb162c6cabf5b3404de905bf1e_JaffaCakes118.exe	83
PID 2688 wrote to memory of 3008	2688	34717edb162c6cabf5b3404de905bf1e_JaffaCakes118.exe	83
PID 3008 wrote to memory of 4660	3008	cmd.exe	85
PID 3008 wrote to memory of 4660	3008	cmd.exe	85
PID 3008 wrote to memory of 4660	3008	cmd.exe	85
PID 3008 wrote to memory of 5076	3008	cmd.exe	86
PID 3008 wrote to memory of 5076	3008	cmd.exe	86
PID 3008 wrote to memory of 5076	3008	cmd.exe	86

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4660	attrib.exe
5076	attrib.exe

C:\Users\Admin\AppData\Local\Temp\34717edb162c6cabf5b3404de905bf1e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\34717edb162c6cabf5b3404de905bf1e_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\MICROS~1\TEMPLA~1\LIVECO~1\16\User\WORDDO~2\6DFCTM~1.BAT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Windows\SysWOW64\attrib.exe
    attrib -R -S -H "C:\Users\Admin\AppData\Local\Temp\34717edb162c6cabf5b3404de905bf1e_JaffaCakes118.exe"
    3⤵
    - Views/modifies file attributes
    PID:4660
- - C:\Windows\SysWOW64\attrib.exe
    attrib -R -S -H "C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Building Blocks\6DFC.tmp.bat"
    3⤵
    - Views/modifies file attributes
    PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\MICROS~1\TEMPLA~1\LIVECO~1\16\User\WORDDO~2\6DFC.tmp.bat

Filesize
586B

MD5
d1871f1d41468e6c221795c9ff5a4ead

SHA1
83859ddb30e1ae0dc80d00dd5c14236fc209928b

SHA256
81a2f7cf7e296a21e3b43fd5de95847c68fab49761778acb2ddb17d2eb094e60

SHA512
0b1f30145f90dc7b3ba4cbc40885ca7efc638ada3466e3088e39a2e1db467401f460a958a84d24d0a1d3f810bd5d41f4403a7aa2ab22b4c3ac63acaa7a852d39

Download Submit
memory/2688-0-0x0000000000600000-0x0000000000604000-memory.dmp

Filesize
16KB

Download
memory/2688-1-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2688-3-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download