Analysis
-
max time kernel
141s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13/08/2024, 15:15
General
-
Target
93a03728051a0a301b6b0726a324da11_JaffaCakes118.exe
-
Size
44KB
-
MD5
93a03728051a0a301b6b0726a324da11
-
SHA1
a1988e5c8ee9d119261c50897c3f092a044dc599
-
SHA256
15bbca27ba7b7d64637b0d9ebf9696d4b8a3e4b5542e20212de2763ab5d944da
-
SHA512
27c3e0c7597812f6bac94bcaa74f1838f059d93ee89bd1836ae4f56c12ee40fa21aef0c2839e739ed19dc552ffe1b3e17341a16e2b09d28bbac641d84b772584
-
SSDEEP
768:eyX3LKew369lp2z3Sd4baFXLjwP/Tgj93b8NIoFAZmUhpMCQrP5ntyuJ9Ab:egKcR4mjD9r82cSMCQD5d2
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\93a03728051a0a301b6b0726a324da11_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\93a03728051a0a301b6b0726a324da11_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\CTS.exe"C:\Windows\CTS.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
349KB
MD509132fda68921e5b2a95eb2ca64fc487
SHA180fee3ab4c9171e2706c39cc584a4fc423ac4cbf
SHA256c3f4fd99475eb81577a42c0fbec15aa375e853111ea0e9f382b25722dac45289
SHA512db9862f04129123f9044b6f5b1d8131fc422cebe33d8feb34a60622a10f40e19e96385b10491c242400b675d9c5e6ecadd855182f7336b7d5538ceab69788b00
-
Filesize
44KB
MD502e866e507b8ae43c9868575401fe204
SHA11bdc4bc81d47edf9864c534a4b55a9286dedbf85
SHA25606a660fd9091fd14cec34f949cc0a6c8ee482c5e5ea83dc53dde38581b2f45f9
SHA512f4b32b5906e38cdf3ca702ab318f53fc967d17336e6bff9757212a8186c2dc28102d419efbf6b7eddcc7ee23892b6569ded3679a908a963d07af9f9d20ac4fdc
-
Filesize
28KB
MD5e6150447c894ade7b2b9ee88d5933922
SHA1dc62f7f9ff1a492adadbc8b6321c0b7b9cd973d1
SHA256b612d46644d0e4a3829c4d6715f71d979103aa487624805363b36f5b4f92b118
SHA512d6db2b459723005662a646357bd60ab6e5cf77ab4f83868c91e725e45c32b44900c32724883df6aa4a0e85cbf7441bea159334f3080cfe8e7acec540aa996ff0
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB