Overview

overview

10

Static

static

7

4fa92125f1...18.exe

windows7-x64

10

4fa92125f1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    16-07-2024 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4fa92125f142c9482042ad2e16304a91_JaffaCakes118.exe

  • Size

    5.6MB

  • MD5

    4fa92125f142c9482042ad2e16304a91

  • SHA1

    b8e7bf37536a2b584353249a4477a1dee70a521d

  • SHA256

    32da299f99a55abadb05d2186aaf98fe698a355e621e3adfaca495bca1e72e49

  • SHA512

    97ed371a8578872c00569630a0a011dc9295857b4956dff48a76fcc53c14fc0fa5af5930796e57121bc7dd1e319d061572c2aa2a2ad2b05df723232ec45d351e

  • SSDEEP

    98304:tQ0w3+5DQOkuDBjTNvSxTEBvNFhgfBInGMcFepd7hPhz6osh3eyufC5FKId2nM1X:O0w3+5DDFjTNvvFsfYcspd7hJz8wyb51

Score
10/10
pandastealershurkinfostealerspywarestealervmprotect

Malware Config

Signatures

  • Panda Stealer payload 4 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Shurk

    Shurk is an infostealer, written in C++ which appeared in 2021.

    infostealershurk
  • Shurk Stealer payload 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4fa92125f142c9482042ad2e16304a91_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4fa92125f142c9482042ad2e16304a91_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2700-7-0x0000000000A3A000-0x0000000000D6B000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-5-0x00000000009C0000-0x0000000001301000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/2700-4-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-2-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-0-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-15-0x00000000009C0000-0x0000000001301000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/2700-16-0x00000000009C0000-0x0000000001301000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/2700-20-0x0000000000A3A000-0x0000000000D6B000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2700-21-0x00000000009C0000-0x0000000001301000-memory.dmp

    Filesize

    9.3MB

    Download