Analysis
-
max time kernel
137s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
22/07/2024, 21:59
General
-
Target
64f2ff9c404b5e4087a428cf8c51320e_JaffaCakes118.exe
-
Size
56KB
-
MD5
64f2ff9c404b5e4087a428cf8c51320e
-
SHA1
bc9d9bbcf4ef6db2ded0cded3ccf61bc88a928fd
-
SHA256
24078691d868c55ed2ac593c4fbe787322e3d621b845410245d99c844622f6a5
-
SHA512
44797077a63d6633e7424a4ebe29586e78aedac355483f39f1c56abbaf84579defb2fe7a637c008be19497da144d188dbf64a049c89723c8e23afc833394f5c8
-
SSDEEP
1536:z4w4ZBpxZhJbaep2cJOxUEOOeoPduSK9O+2sxXGlTO69ZZgji:z2aeYcEyOnfsxuCji
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\64f2ff9c404b5e4087a428cf8c51320e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\64f2ff9c404b5e4087a428cf8c51320e_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\x.bat2⤵
- Drops file in Windows directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136B
MD5ca1d9e914351a32f87bdb628cf1573b2
SHA1bb778e7f5772c0aeec841ee2a98405cc00ed75c2
SHA256a49e863f5b6364b4dadf6b4e6f8720fcd424b8aab2a1550cd64567fbbc36a7c8
SHA51200cfdfbd6e6c6413fe0ccc51d00bb6465b86e2d2aa21d610931e86adb89f63b6644a1d1abc56c268ea0edfb74f1b29aabc5463977b2e62912090dfb099a291c0