Overview

overview

7

Static

static

3

8baf07df95...18.exe

windows7-x64

7

8baf07df95...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 19:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8baf07df95516b06a949e614920aca95_JaffaCakes118.exe

  • Size

    224KB

  • MD5

    8baf07df95516b06a949e614920aca95

  • SHA1

    0920478d6197f0e7fd4965b43b8747586fea47ff

  • SHA256

    187a5ca5ae9cf33de9a6c297dc5c0011a87a697cf2101492cad0bda0c7e4935a

  • SHA512

    6e6fa4264012a3bd37e697c6e05ce5c7e9613daa7d0eea7f297dd371e07054c4dc8248a6bcb55748ef19d648ad808c7d22d72123e6550893287637a4458fda67

  • SSDEEP

    3072:+aVtoKlTL9ZPt1Z7MmWhRRQV41r6uhfhP5wWG2NHwjjEcoT/fLoctY673dnycr0Q:+aymWhsYWShP5wWOw79tF7MhQ

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\8baf07df95516b06a949e614920aca95_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8baf07df95516b06a949e614920aca95_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2816
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\MICROS~1\TEMPLA~1\LIVECO~1\16\Managed\DOCUME~1\1033\8ACBTM~1.BAT
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4912
      • C:\Windows\SysWOW64\attrib.exe
        attrib -R -S -H "C:\Users\Admin\AppData\Local\Temp\8baf07df95516b06a949e614920aca95_JaffaCakes118.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:4692
      • C:\Windows\SysWOW64\attrib.exe
        attrib -R -S -H "C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\8ACB.tmp.bat"
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:1396

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\MICROS~1\TEMPLA~1\LIVECO~1\16\Managed\DOCUME~1\1033\8ACB.tmp.bat
          Filesize

          574B

          MD5

          4b8ac2d1d3bb44808c6309146acb53a7

          SHA1

          84fad9d9c3c9e2b214e33a1a9db4901b6583584f

          SHA256

          2e7963a3adca692369d567e5f3f5a8891f721016fc77eff103a4418944fae2ce

          SHA512

          623a3279469802ed853c3a9a205f93d2fae97ee159ebf2c105c2cf84e637dca59a8b940c54331b81494bceffa6a484a67d5e4d3cbdbc71ce83ea79d680febcac

          Download Submit

        • memory/2816-2-0x0000000000400000-0x0000000000439000-memory.dmp

          Filesize

          228KB

          Download

        • memory/2816-0-0x00000000006E0000-0x00000000006E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2816-4-0x0000000000400000-0x0000000000439000-memory.dmp

          Filesize

          228KB

          Download