Analysis
-
max time kernel
136s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/08/2024, 23:47
General
-
Target
ad13eca79f6b4ce6dd25be461ffffee4_JaffaCakes118.exe
-
Size
309KB
-
MD5
ad13eca79f6b4ce6dd25be461ffffee4
-
SHA1
b7d4a5bb99237a74188926754aee30e16b9d631f
-
SHA256
d70609cdd643604cfbcfaa78335ac061a8620951db0124bc6bd27c2b1b9a5eee
-
SHA512
cac82d9792f060f7c8291ddcc6e4569258fd43873a1314c86783f9801292abc915db4dc58acfc544e5cee0b0b7ab8bd4e7e7fb3aeb8cec4383832ea1acf74e40
-
SSDEEP
3072:Xjr87S7Gnz55Eorr3KcWmjRrzSIasSB+uAriPkcfMVulnkOIiNootOmke/Rud8hQ:sZl2JrJdMohIVoETdah6KX9qfheW
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ad13eca79f6b4ce6dd25be461ffffee4_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ad13eca79f6b4ce6dd25be461ffffee4_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\P3gYdK1jiGS5CAY.exeC:\Users\Admin\AppData\Local\Temp\P3gYdK1jiGS5CAY.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\CTS.exe"C:\Windows\CTS.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
441KB
MD5761dcd7b5d61d56516528e5023202259
SHA19d32c3dea5b33709ef92f05972c21c42694a9869
SHA25620180145b963e19b07bc0cbf4a19e94b5b79d5c5544b67f14bcf75aeffb36561
SHA512f7c6bfd7093e266247361dedf76a77a74022ecab04aad9430c5eb3a2527e42008276b8df8ac22d818b1ad051ef999ea7277008da89ba9cadcea1feb5767f51fd
-
Filesize
191KB
MD594a363cd532d88ac33997c25657a19b5
SHA1a98f1a8361d0183651c0ef457b9ac4339e429bea
SHA25613b98844b2fa4a39a4d8ebb414fc79450d5ab4f0c8f5141ac06d40b2a0431ea4
SHA5123b1c87a67f63e4276453ec1e322f0c13896dd0524ef35f4e4037a481ce354feaa98440f85b784c0b90a900c59ef115654f687457180ea433ea0100427f5c26f5
-
Filesize
118KB
MD5f3a5f1a9498a80d37ad51a465a73bbbe
SHA1cf0373fb9837de6a67e18f1896258cb99005037b
SHA256c77cd8b176021d3c9c3c2822691ed40dbda40a9cecb64b4db0cf3630af6cbbc0
SHA512bdbd9334784577ac625375c1a5f1974ae68040b42d5b09e399c58bc531112d272a9d799747183e9d5704b5a59c2e39e37c3ed887ad84b73f89c51835afecb7cc
-
Filesize
100KB
-
Filesize
100KB
-
Filesize
100KB