Overview

overview

9

Static

static

3

889800c260...18.exe

windows7-x64

9

889800c260...18.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 02:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    889800c260bacd03f009ffa09331c7eb_JaffaCakes118.exe

  • Size

    748KB

  • MD5

    889800c260bacd03f009ffa09331c7eb

  • SHA1

    c370fb627bd083bc5090cf573f6f668bc1a76817

  • SHA256

    26efde628a7d76565c81f093308e36cbf5613a746f10ae90b35910c3117ae95b

  • SHA512

    9a9fe2c6bbc5f710fdaab5c66a83a99d646f8699c1f3ce4288901d1486430b4be815de1a7076e2b70c4e7f4a27b343fba738b1b07ecd722b08fc4c500be257a7

  • SSDEEP

    12288:ZyFIUUz8iVmHZ9SqC64HbY30bcoLmvLW6Y:Z1UomHD9CZHM3XoLmvnY

Score
9/10
credential_accessdiscoveryspywarestealer

Malware Config

Signatures

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\889800c260bacd03f009ffa09331c7eb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\889800c260bacd03f009ffa09331c7eb_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:4548
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
    1⤵
      PID:4532
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1348
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
      1⤵
        PID:3808
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
        1⤵
          PID:5068
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
          1⤵
            PID:4244
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1308,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=3832 /prefetch:8
            1⤵
              PID:2312
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
              • Suspicious use of SetWindowsHookEx
              PID:4328
            • C:\Windows\system32\rundll32.exe
              "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
              1⤵
                PID:1372
              • C:\Windows\system32\rundll32.exe
                "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                1⤵
                  PID:4812
                • C:\Windows\system32\rundll32.exe
                  "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
                  1⤵
                    PID:3392
                  • C:\Windows\system32\rundll32.exe
                    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                    1⤵
                      PID:4512
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                      • Suspicious use of SetWindowsHookEx
                      PID:3060
                    • C:\Windows\system32\rundll32.exe
                      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                      1⤵
                        PID:4948
                      • C:\Windows\system32\rundll32.exe
                        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                        1⤵
                          PID:2856
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                          • Suspicious use of SetWindowsHookEx
                          PID:4364
                        • C:\Windows\system32\rundll32.exe
                          "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                          1⤵
                            PID:4508
                          • C:\Windows\system32\rundll32.exe
                            "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                            1⤵
                              PID:3736
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                              • Suspicious use of SetWindowsHookEx
                              PID:4444
                            • C:\Windows\system32\rundll32.exe
                              "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                              1⤵
                                PID:556
                              • C:\Windows\system32\rundll32.exe
                                "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                                1⤵
                                  PID:792
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                  • Suspicious use of SetWindowsHookEx
                                  PID:452
                                • C:\Windows\system32\rundll32.exe
                                  "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                                  1⤵
                                    PID:4220
                                  • C:\Windows\system32\rundll32.exe
                                    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                                    1⤵
                                      PID:3584

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp
                                      Filesize

                                      8KB

                                      MD5

                                      70f922f5191f6083dab2f4a6879bce89

                                      SHA1

                                      6e82ae45f14a29fdb2acf7f186864ae095e22ac3

                                      SHA256

                                      dee4f6871d4a8a58b4b29a4f4e4bbef8aa9e18305addb027647556cc394483e7

                                      SHA512

                                      e0c11a417961804a47fd58db1bd4c7d20d1c1233b8b778c7ce791c68a278271af13ad16cd6b1ebe0e21358cf0bc871745ea7dde858ef00cc56146b2d2420a75d

                                      Download Submit

                                    • memory/1348-51-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-53-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-37-0x00000122A7750000-0x00000122A7751000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-40-0x00000122A7760000-0x00000122A7761000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-39-0x00000122A7750000-0x00000122A7751000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-41-0x00000122A7760000-0x00000122A7761000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-42-0x00000122A7760000-0x00000122A7761000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-43-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-44-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-45-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-46-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-47-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-49-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-48-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-35-0x00000122A7610000-0x00000122A7611000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-50-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-54-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-52-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-17-0x000001229F450000-0x000001229F460000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/1348-56-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-0-0x000001229F340000-0x000001229F350000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/1348-57-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-58-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-59-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-61-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-60-0x00000122A7780000-0x00000122A7781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-62-0x00000122A7790000-0x00000122A7791000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-63-0x00000122A7790000-0x00000122A7791000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-64-0x00000122A77A0000-0x00000122A77A1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-65-0x00000122A77F0000-0x00000122A77F1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1348-66-0x00000122A77F0000-0x00000122A77F1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download