Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/07/2024, 15:38

General

  • Target

    63c48c9cdfcb886c607281c5aca0504a_JaffaCakes118.exe

  • Size

    221KB

  • MD5

    63c48c9cdfcb886c607281c5aca0504a

  • SHA1

    c9e8446bff848fe1f3dc8ee3351317a3d6aa2aa2

  • SHA256

    054c32bb057af4c9f1e01c4a083a23456c08a8e1bbb934ecf3e895f3524d6c58

  • SHA512

    c69fca1d47efe607cc48fda8cc83dca364b9525c6753e159dc219a9f151fc32a0326b95f74878aa3292e8224d9134a46317ddf030c00a0b76ef459c1603d2cbb

  • SSDEEP

    6144:T9eR3QydA3DEN9gsJklrFMAhV+GT5DqUE:F3Q/JkdFlhNTQj

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials.

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 27 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
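The file-drop and drive-enumeration signatures above are scored from file-system activity attributed to the sample's process. The script below is an added example for this page, not the sandbox's own detection code: it re-derives those four signatures from a handful of constructed Sysmon-style events for PID 4852. The event shape (pid, op, path), the sample paths under Program Files and Windows\Temp, and the rule precedence (a SysWOW64 write counts as a System32 drop rather than a generic Windows-directory drop) are assumptions, not something the report states.

```python
"""Re-derive the report's file-drop and drive-enumeration signatures from
constructed Sysmon-style events (added example, not the sandbox's code)."""
import re
from collections import defaultdict

# Constructed events modelled on the report's PID 4852. The two SysWOW64
# paths are the files the report lists; the other paths are invented to
# exercise the remaining rules.
EVENTS = [
    {"pid": 4852, "op": "FileCreate", "path": "C:\\Windows\\SysWOW64\\msiexec.vir"},
    {"pid": 4852, "op": "FileCreate", "path": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"pid": 4852, "op": "FileCreate", "path": "C:\\Program Files\\Common Files\\example.dll"},
    {"pid": 4852, "op": "FileCreate", "path": "C:\\Windows\\Temp\\drop.tmp"},
    {"pid": 4852, "op": "DirectoryOpen", "path": "D:\\"},
    {"pid": 4852, "op": "DirectoryOpen", "path": "E:\\"},
    {"pid": 4852, "op": "DirectoryOpen", "path": "C:\\"},
    {"pid": 1234, "op": "FileCreate", "path": "C:\\Users\\Admin\\Documents\\notes.txt"},
]


def _under(path, *prefixes):
    """Case-insensitive prefix test on a Windows path."""
    p = path.lower()
    return any(p.startswith(pre) for pre in prefixes)


def is_system32_drop(ev):
    # Assumption: both System32 and its 32-bit twin SysWOW64 count here.
    return ev["op"] == "FileCreate" and _under(
        ev["path"], "c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def is_program_files_drop(ev):
    return ev["op"] == "FileCreate" and _under(
        ev["path"], "c:\\program files\\", "c:\\program files (x86)\\")


def is_windows_drop(ev):
    return ev["op"] == "FileCreate" and _under(ev["path"], "c:\\windows\\")


# A root path of any drive other than C: (the report's wording).
NON_C_ROOT = re.compile(r"^(?!c:)[a-z]:\\$", re.IGNORECASE)


def is_drive_enumeration(ev):
    return ev["op"] == "DirectoryOpen" and NON_C_ROOT.match(ev["path"]) is not None


# Order matters: a System32 write would also satisfy the broader Windows
# rule, so the narrower rule is tried first and the first match wins.
RULES = [
    ("Drops file in System32 directory", is_system32_drop),
    ("Drops file in Program Files directory", is_program_files_drop),
    ("Drops file in Windows directory", is_windows_drop),
    ("Enumerates connected drives", is_drive_enumeration),
]


def evaluate(events):
    """Return {pid: {signature: [IoC paths]}} for events that fire a rule."""
    hits = defaultdict(lambda: defaultdict(list))
    for ev in events:
        for name, pred in RULES:
            if pred(ev):
                hits[ev["pid"]][name].append(ev["path"])
                break
    return {pid: dict(sigs) for pid, sigs in hits.items()}


def ioc_counts(events):
    """Per-PID IoC count per signature, the form of the report's 'N IoCs' labels."""
    return {pid: {sig: len(paths) for sig, paths in sigs.items()}
            for pid, sigs in evaluate(events).items()}


if __name__ == "__main__":
    for pid, sigs in ioc_counts(EVENTS).items():
        print(f"PID {pid}:")
        for sig, n in sigs.items():
            print(f"  {sig}  {n} IoCs")
```

Run against real Sysmon Event ID 11 (FileCreate) data, the same rules give the IoC lists the report summarises as counts; the unmatched PID 1234 write under the user's profile shows that an ordinary document save does not trigger any of them.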

Processes

  • C:\Users\Admin\AppData\Local\Temp\63c48c9cdfcb886c607281c5aca0504a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\63c48c9cdfcb886c607281c5aca0504a_JaffaCakes118.exe"
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4852

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

    Filesize

    583KB

    MD5

    b909296f90d167f6cc93a9d486efa4b9

    SHA1

    bfb42edc7ee81c9dcafafea2c68cd345790b2599

    SHA256

    7d8db2f268eacda5039890efcbb4d52c170cf6a0f7c14ebe40cbc9cd37d0c50f

    SHA512

    f5102d4ba5787d85a9a7f7c1b4ac105e2089efda56c07819dd5838437b2f205d509ee84af2a6a1384e6a331fba4f941b92c2a45e43e64a629c83f0ebe1343b07

  • C:\Windows\SysWOW64\msiexec.vir

    Filesize

    218KB

    MD5

    d3cdef4eb1ba9cb47a7d067509b239d7

    SHA1

    b126c8ada58a4995d3cb4f7fa05ac5e53db81949

    SHA256

    394d6cfd9728d9fc6687c4bb45970cc6a4d26fd3fcbe21100acf3c31482dfa84

    SHA512

    979fe45d843b029a286d582a5934d09de424d4f9b51357c086816adf577d593ade08eac0d4db212489ad24ce114b5f292278a9710df0a50a9d679f0a05bdf4bd

  • memory/4852-0-0x0000000001000000-0x000000000107C000-memory.dmp

    Filesize

    496KB

  • memory/4852-1-0x000000000100B000-0x000000000100D000-memory.dmp

    Filesize

    8KB

  • memory/4852-37-0x0000000001000000-0x000000000107C000-memory.dmp

    Filesize

    496KB
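The memory artefact names above encode the dumped address range, so the listed Filesize values can be cross-checked and the three dumps related to one another. The script below is an added example for this page, not tooling from the sandbox vendor; the dump names and sizes are copied from the report, while the naming convention (memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp) and the binary-KB unit are inferred from them.

```python
"""Parse sandbox memory-dump names, verify their sizes against the listed
Filesize labels, and relate overlapping regions (added example)."""
import re

# Copied from the report: (artefact name, listed Filesize).
DUMPS = [
    ("memory/4852-0-0x0000000001000000-0x000000000107C000-memory.dmp", "496KB"),
    ("memory/4852-1-0x000000000100B000-0x000000000100D000-memory.dmp", "8KB"),
    ("memory/4852-37-0x0000000001000000-0x000000000107C000-memory.dmp", "496KB"),
]

# Naming convention inferred from the three names above (assumption).
NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Return pid, sequence number, address range and byte size of a dump."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def parse_listed_size(label):
    """Convert a size label such as '496KB' to bytes (1 KB = 1024 assumed)."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", label.strip())
    if m is None:
        raise ValueError(f"unrecognised size label: {label}")
    return int(m[1]) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m[2]]


def verify_listed_sizes(dumps):
    """True per dump when end - start equals the listed size exactly."""
    return {name: parse_dump_name(name)["size"] == parse_listed_size(size)
            for name, size in dumps}


def repeated_ranges(dumps):
    """{(start, end): [seq, ...]} for ranges dumped more than once."""
    by_range = {}
    for name, _ in dumps:
        d = parse_dump_name(name)
        by_range.setdefault((d["start"], d["end"]), []).append(d["seq"])
    return {rng: seqs for rng, seqs in by_range.items() if len(seqs) > 1}


def contained_regions(dumps):
    """(inner_seq, outer_seq) pairs where one range lies strictly inside another."""
    regions = [parse_dump_name(name) for name, _ in dumps]
    pairs = []
    for inner in regions:
        for outer in regions:
            if inner is outer:
                continue
            if (outer["start"] <= inner["start"] and inner["end"] <= outer["end"]
                    and inner["size"] < outer["size"]):
                pairs.append((inner["seq"], outer["seq"]))
    return pairs


if __name__ == "__main__":
    for name, ok in verify_listed_sizes(DUMPS).items():
        d = parse_dump_name(name)
        print(f"seq {d['seq']:>2}: 0x{d['start']:08X}-0x{d['end']:08X} "
              f"{d['size']} bytes  listed size matches: {ok}")
    print("same range dumped repeatedly:", repeated_ranges(DUMPS))
    print("sub-regions (inner seq, outer seq):", contained_regions(DUMPS))
```

For this report the sizes all reconcile (0x7C000 bytes is exactly 496 KB, 0x2000 is 8 KB), sequence 0 and sequence 37 are the same 0x01000000-0x0107C000 range captured at two points in the run, and the 8 KB dump at 0x0100B000 is a sub-range of it. Diffing the two full-range captures is the natural next step when checking whether the sample modifies its own image in memory.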