Overview

overview

7

Static

static

1

5defb240d9...18.exe

windows7-x64

7

5defb240d9...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2024 22:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5defb240d9163f1597500a432b728583_JaffaCakes118.exe

  • Size

    93KB

  • MD5

    5defb240d9163f1597500a432b728583

  • SHA1

    2830f05de092dbd272ae4a0d0757bc349bcec0b0

  • SHA256

    4f17b65731441ca476da2ce712ffcac182a0d1fad726f6198f9fc3909d1027fc

  • SHA512

    33cde067956e69400fb814dfd4f6a8266f11b8b9a8214ab9269c3ba07cc69a5ffc6b100e6c7afa01ef4d51968ad920af930fa06461ded307acdbb847ffe3cfd8

  • SSDEEP

    1536:ZGsdnu0W53JyYg1srKeC/06TE33dErK1QwJqRptGGF4ID2isKld9:Z5dnu0W5ZyYi+KpM6TWrwrtGGF4IXh

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1332
      • C:\Users\Admin\AppData\Local\Temp\5defb240d9163f1597500a432b728583_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\5defb240d9163f1597500a432b728583_JaffaCakes118.exe"
        2⤵
        • Adds Run key to start application
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2776
        • C:\Users\Admin\AppData\Local\Temp\5defb240d9163f1597500a432b728583_JaffaCakes118.exe
          "C:\Users\Admin\AppData\Local\Temp\5defb240d9163f1597500a432b728583_JaffaCakes118.exe"
          3⤵
            PID:2788

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\readme.eml
        Filesize

        14KB

        MD5

        10033a5b323c83dbdab01ed4b4dd15a2

        SHA1

        bb586ab5ae7c1f519873fda780c7a7f3b7b221a7

        SHA256

        f9a180524236959f7c4797af74c380fd32599b322a1a940c3a555e630d4d8eed

        SHA512

        0e27661c7987552f7189fa6457a5fd74a4387c2a9f33d4dab7938f1c70373b7832f5c3d65fb06ea83fcb94492f2fa75d0acb57638cdf4a2088503d286fc0c22f

        Download Submit

      • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
        Filesize

        12KB

        MD5

        8156706568e77846b7bfbcc091c6ffeb

        SHA1

        792aa0db64f517520ee8f745bee71152532fe4d2

        SHA256

        5e19cfbd6690649d3349e585472385186d99f56a94dc32d9073b83011cea85f8

        SHA512

        8760f26069296f0fe09532f1244d93a57db4cafa8d06aaa9dc981bcaed4bde05366ef21e6f0c1aadad4478382b59a4e43d26c04185cf2ed965901321d05604b8

        Download Submit

      • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
        Filesize

        8KB

        MD5

        7757fe48a0974cb625e89012c92cc995

        SHA1

        e4684021f14053c3f9526070dc687ff125251162

        SHA256

        c0a8aa811a50c9b592c8f7987c016e178c732d7ebfd11aa985a8f0480539fa03

        SHA512

        b3d4838b59f525078542e7ebbf77300d6f94e13b0bff1c9a2c5b44a66b89310a2593815703f9571565c18b0cdeb84e9e48432208aaa25dff9d2223722902d526

        Download Submit

      • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
        Filesize

        451KB

        MD5

        d4d58ef7f87b04c54c97a57735b98d34

        SHA1

        abe3e1d08a64eb13c4dc4f88ba10237a7907a8f8

        SHA256

        86aa0830f91338316a2a1c988d3fdd16c7e58623162b2f5da3fd96fcd90666b3

        SHA512

        5fb9f3b77c17e6bcc5222b38966a66079b07bc339ab9e21fe12ae7caf1a7826fd86eb28de0ec8fd166a27bea3aeb4994ef0595dd7b30b7e2d05fc71e69d76358

        Download Submit

      • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        Filesize

        640KB

        MD5

        e208b9bb70a95bfc8528eaf9825c494e

        SHA1

        ca2eca526936bd763472434f4e759f8e438f8512

        SHA256

        b9f9c85fba9df0cd41199627f059631a33fe55c7549f79d3dc35180c1469c3ee

        SHA512

        739b8a458dc2006fb239fa27d47084c26dbd68fc04694297907f5dc72d9225a6460354e393f37e9c006e62f4efd2ffbab2da55e8a8a6ad15e73f07bffc8a3079

        Download Submit

      • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        Filesize

        640KB

        MD5

        848c4e798c0f7aba4f3512a2507d47ff

        SHA1

        d57c3142fb185a3a106b7ae0f11f70c4f5e9d1ce

        SHA256

        72fc077bdf138c66064af11c617458e218276594c263f97214ec824296f0907c

        SHA512

        7c8006ff0cdd3a58233f873833a03c456d23701047b18aca834e18a52a148df7d07c4f4eeb8ab653cf8eb17345b3087ff2079ea2770360119d35aa12fb7fff4e

        Download Submit

      • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
        Filesize

        461KB

        MD5

        802387282bdc2b14dc4b0e5d0b3e6324

        SHA1

        c0028338b4a952302091bd388ec23f103d4ab517

        SHA256

        3f83667dcecce4b17dff2d6237c78319df8e9a12365bb6a63806442c3b765fc9

        SHA512

        5baf13a89af68eb314ea9825f78476b2fe0aedb4d05793d5116ae2b8910f42b410b65fc997f19b72e56a88e032a1735b9ea1da9835dea851169a12aa83bb2a9b

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        451KB

        MD5

        c80e6a83d50d306ae5eed36181fb69d9

        SHA1

        5532909abb3e68cfd788e57ac199db779ec33dd5

        SHA256

        943af2f044701e9228c540fe9b2491f751774665913c6281b4b78ffdbb71c607

        SHA512

        25e7716e568579fb165bcebfaa8b40d01478a4286816eb2e4148f03411f547bc57d633c3820e3e5f76739f042de22913503c93725b6bc884a23077b86470a641

        Download Submit

      • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
        Filesize

        461KB

        MD5

        4af1a019ca97941523153165d45618e2

        SHA1

        fd2eed0a0583b8abf893a3c942a027b62a6dda34

        SHA256

        264de865f58cc924375dd34333dc81b982d173c3d16dad5c77e1af604748f79b

        SHA512

        d15eaf6cdc29244099387ae613423873ece3c48696c8f0c8efebb143cb41084ed2127c6df18bb5411d0c774f04ac36330035e6a451f1645196857637da3c6bbf

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ose00000.exe
        Filesize

        152KB

        MD5

        58555e690dc0627bb58599920819c84c

        SHA1

        a2747df767768cd2e730d8138ba90aa299266c21

        SHA256

        05a987972fe78bbc9718cddee9160abe72f00a732c79a6fa8192803fb3953c71

        SHA512

        7acf03d3cd3afb42114cd4aed2e8be97fd0ad4aed3aed5d34741bb7eb8a35a761603cbebc71c1001aad9f5f0e8d725c57982a36010fddfaaf91868048945bc4e

        Download Submit

      • C:\Windows\SysWOW64\runouce.exe
        Filesize

        10KB

        MD5

        50caa9318f37b8b4383faded3ca8582d

        SHA1

        a776eb04f840acef0b9d572bb516d0aae4470550

        SHA256

        71752e50471dc5848b4230f7e57f5c0e49995679ffe23f94d3d5f05716c8f489

        SHA512

        cbbffe83ebc69173d82dadf339b4d50e1c4a26c5e9a0561c86e21862bd8873725f8523582d6934b55fd276dc142fae01e9d47452071ef46ac9ecbd65b86afc6b

        Download Submit

      • C:\vcredist2010_x86.log.html
        Filesize

        81KB

        MD5

        1e0debb0abde842b91f79aa72ba114f5

        SHA1

        b3fdb9bf7d904ed09ae8c9504c67276365c52586

        SHA256

        e52efae39cc0a7c4e335ddb7b2a1bdf1cefe1514a0b7c1fb4e95498ebb33c1f2

        SHA512

        e35a1c2f7c0d0af14eb1214b1003b4946f206b77b91574d3a1d1950b0dfaf566e6e119664761c40d9e10a3ce7ab041d7e4d7a17a41c4f5d2e4cf83f047d09660

        Download Submit

      • memory/1332-5-0x00000000029C0000-0x00000000029C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1332-4-0x00000000029C0000-0x00000000029C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2776-0-0x0000000030000000-0x000000003001A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2776-894-0x0000000030000000-0x000000003001A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2776-895-0x0000000000220000-0x000000000023A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2776-1-0x0000000000220000-0x000000000023A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2788-2-0x0000000030000000-0x000000003001A000-memory.dmp

        Filesize

        104KB

        Download