Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/07/2024, 09:02

General

  • Target

    66ef388ab4eac0c68eab5218f79cee66_JaffaCakes118.exe

  • Size

    218KB

  • MD5

    66ef388ab4eac0c68eab5218f79cee66

  • SHA1

    00e636161469e04c3e447f1481047e0f26a3b89e

  • SHA256

    4ceb46bf96c78dc16037584e11da3a0ab8e0f2b1b3789945a06734b4cac01a16

  • SHA512

    722640b56b3c2343f751f84bc1aace474615bbf556dea0409a3137d0ed434e79e92e3f4dd2b249b4977ea0516abd103639f06238588eef7f8adcde03c6fbc8cc

  • SSDEEP

    6144:sbpG8jWNHwNxkKNQ3kH+VfDsvFXyeHsZyoYDbiZWue:hZQMmQ3Fx2FCc9zb7ue

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives (3 TTPs, 21 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory (27 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\66ef388ab4eac0c68eab5218f79cee66_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\66ef388ab4eac0c68eab5218f79cee66_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:908

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

          Filesize

          567KB

          MD5

          43dd50dbf231bb0e1476526586b1d2c8

          SHA1

          e26e5ec5eff10d626332ddb58cb84f015e08865e

          SHA256

          6c3195353cc7b7140261a0dc65483aa61b28801e9ff3d741606ccb63fabbe6b7

          SHA512

          b75e9b0567f7d5155498e1013957a177f4901908e443d5949f9dd114bd1a1ccca91c07c212ef4282508839df5a1c5f8eea95c4f7b304e43d386d2ad41c77eb1b

        • C:\Windows\SysWOW64\msiexec.vir

          Filesize

          202KB

          MD5

          cf59923529625e649e7cf3d4787c8df3

          SHA1

          96c0e8d1088b6ff52e8e48df34f3e017a61e93da

          SHA256

          bfe5ac25b552ef65de94a24dc4ef7bb4b43bfb0b77e695e731e37fab4f6cc61e

          SHA512

          47ccb8fed591c0c2322d4ad74d9f9d9d0cbecf000ea9f04aa687ecbc522897b17b7f6a40ef1a94f11558fea65a476a1f962fee0087ca02fbe515cd99395ccd0b

        • memory/908-0-0x0000000001000000-0x000000000108F000-memory.dmp

          Filesize

          572KB