Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
13-08-2024 03:57
General
-
Target
9185001efac6324acc6d9392d6f84312_JaffaCakes118.exe
-
Size
917KB
-
MD5
9185001efac6324acc6d9392d6f84312
-
SHA1
73b563870d9071cbe8b400f9c6086d3f5dfdfb79
-
SHA256
168a6483cbfb9761f90855f3f9812c5aad385f4207bfcfd86058f22d8c30badb
-
SHA512
ea88e3a0fb892bafa71e6a8a6e69c9054b9f2cd15801c94d01638ee7ddc7dba29d5490d451674e109c9d2c6c7b01fc793709ace5c31eae745d324444efdf5af6
-
SSDEEP
12288:XXMhkIY4ei7kqpQttnDBNbSb8A43yY7o79tRef2PhQuL6Gyd+r3OTFdLfdVD:XXMhkIKYmtnDBNb1LCd2YqDqeTb
Malware Config
Signatures
-
Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes
-
C:\Users\Admin\AppData\Local\Temp\9185001efac6324acc6d9392d6f84312_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9185001efac6324acc6d9392d6f84312_JaffaCakes118.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
908KB
-
Filesize
956KB