Analysis

  • max time kernel
    93s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-07-2024 07:20

General

  • Target

    3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe

  • Size

    55KB

  • MD5

    3c742f30186ec7a426c6e542396aca90

  • SHA1

    cfab18b937c5f98f9ce6d9c4c4b668603c7514f6

  • SHA256

    9bee6837664200171c2b2949fbc4b0518358bbfebac622cea5f25cf4742dab19

  • SHA512

    0fc9c1c307692af545e2f8b5c8c524a408da3a0142f36c2db7b8b2fc465ee43cfa024df8d00e2093c0c48c9d1ab18e0b45147bc8b86c3f1204f4a9938909ebeb

  • SSDEEP

    768:PxGU0EFrLa7Dl8Dljw4szpldYTL7eO7F+33j3mxtFOg:PGd8odYTHeyF+3qwg

Malware Config

Signatures

  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTP

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3c742f30186ec7a426c6e542396aca90_JaffaCakes118.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:2340

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NO_PWDS_report_12-07-2024_07-20-40-6E6D7ABD-PONK.bin

    Filesize

    1KB

    MD5

    6c9a9dc83319e4e9434d39647fb4a1c9

    SHA1

    daa109a1c3e171f879f6aba4a28d3c63ba2a7534

    SHA256

    3cde80989a9958eb99bafc39b23c01df9f4210933436164a2f4144fefc50ecfa

    SHA512

    4b3bce4bb6b24b00467118689011db6d2414de2431f68c391358061db0e6a193823c73fab2b7c737154a7bca1ab7379ee196e552cffbdfc712423f312dacafbc

  • memory/2340-0-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

  • memory/2340-10-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB