9bee6837664200171c2b2949fbc4b0518358bbfebac622cea5f25cf4742dab19

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe
Size

55KB
MD5

3c742f30186ec7a426c6e542396aca90
SHA1

cfab18b937c5f98f9ce6d9c4c4b668603c7514f6
SHA256

9bee6837664200171c2b2949fbc4b0518358bbfebac622cea5f25cf4742dab19
SHA512

0fc9c1c307692af545e2f8b5c8c524a408da3a0142f36c2db7b8b2fc465ee43cfa024df8d00e2093c0c48c9d1ab18e0b45147bc8b86c3f1204f4a9938909ebeb
SSDEEP

768:PxGU0EFrLa7Dl8Dljw4szpldYTL7eO7F+33j3mxtFOg:PGd8odYTHeyF+3qwg

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1688	3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe
1688	3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ufr_reports\NO_PWDS_report_12-07-2024_07-20-37-636C72B0-BDGN.bin

Filesize
1KB

MD5
b01765df026b603721b8d79cc47dcc40

SHA1
2ceebbc3b5dd2f1df11a98fa26f3e678337b99ca

SHA256
2234cfae57c16af79491aa4191371d657a5b1e0db060fe7412a9dd549efa6c5a

SHA512
0995b821d5786e7dfddf5df530af51dd22b2a7ee5054d374dd1c6e7786cd295dccf2c9484c3a6062b5cc7007cb15e85dce1736ae865b061f80db73ff15d0cc05

Download Submit
memory/1688-0-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/1688-9-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download