Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/08/2024, 23:58

General

  • Target

    a06e46b83c66b484e4e998729e0f4a24_JaffaCakes118.exe

  • Size

    32KB

  • MD5

    a06e46b83c66b484e4e998729e0f4a24

  • SHA1

    5cf7b28b6dd57d45f25f403e8460db71c98bfcd6

  • SHA256

    8f8017673e586af346253e5fad68a5d33ccd6080b710fca8aa16a725d996afe9

  • SHA512

    88a82bffb2a33aa055834cc3e01d48095dd5f4da1b4faaa62b08a2ff1f781d85b4ffbb8d57d1d2964298f783a570b7f33553ed541146d425f4c8e111fc4adb75

  • SSDEEP

    768:2nXVWaQKNTXTolKwuHs9wfcw7iaZDuwirun7NVZsUyIT:2Xx5XMkXj7N57NVZsUyIT

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a06e46b83c66b484e4e998729e0f4a24_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a06e46b83c66b484e4e998729e0f4a24_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4612
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Users\Admin\AppData\Local\Temp\6WyfZ737dLVYk52L.dat, ServerMain 1c:\users\admin\appdata\local\temp\a06e46b83c66b484e4e998729e0f4a24_jaffacakes118.exe
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4804

Network

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6WyfZ737dLVYk52L.dat

    Filesize
    3.3MB
    MD5
    fd8dfd9b973ecd63905fc24831701697
    SHA1
    45ebcd96093d92ebded240a5c779235b23f61a42
    SHA256
    5af3d0f73f04075b0b2f24662fa05819296218fa069d42aca032c8400a2a5b05
    SHA512
    e8c6b8db5aa0680a17c898d1a6a2fe9066b38a139d7b27d881fd008596671fdbf45cd7326e5317a39dde9e5a3d73b1707809da9974c6c50d6f428a0de000dc12

  • memory/4612-0-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize
    88KB

  • memory/4612-4-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize
    88KB

  • memory/4612-7-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize
    88KB