Overview

overview

10

Static

static

3

37514775ce...18.exe

windows7-x64

10

37514775ce...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11-07-2024 02:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37514775ce8c353351766d3c63bbe20a_JaffaCakes118.exe

  • Size

    4.1MB

  • MD5

    37514775ce8c353351766d3c63bbe20a

  • SHA1

    0c24e04e08453e5ebb51eda74fe703bdd010801a

  • SHA256

    8682b402998f5069e2922a8cec15c4ab875a104c364366e02efed84cecb49355

  • SHA512

    60e746fe63898d3640f9dba29bb49966c97060b4182b38715c3dbb9e556f5828d236248d467143764a4fd47ad2c195af6f801b315b20d0c6185f20aab784873f

  • SSDEEP

    98304:uCoUst7FS9W07TERUZ7imTFMSfLjb4rsLwAYtEShShLHF/w:32t7w9vYKZ7ZHfbRL1yWl4

Score
10/10
pandastealershurkinfostealerspywarestealer

Malware Config

Signatures

  • Panda Stealer payload 15 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Shurk

    Shurk is an infostealer, written in C++ which appeared in 2021.

    infostealershurk
  • Shurk Stealer payload 15 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37514775ce8c353351766d3c63bbe20a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\37514775ce8c353351766d3c63bbe20a_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/600-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/600-0-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-11-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-12-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-13-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-14-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/600-15-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-16-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-17-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-18-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-19-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-20-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-21-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-22-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-23-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-24-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-25-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download

  • memory/600-26-0x00000000012E0000-0x00000000024B8000-memory.dmp

    Filesize

    17.8MB

    Download