Overview

overview

8

Static

static

3

bc95c9fc45...18.exe

windows7-x64

8

bc95c9fc45...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 17:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc95c9fc4557e6cf37622fb568ea422a_JaffaCakes118.exe

  • Size

    65KB

  • MD5

    bc95c9fc4557e6cf37622fb568ea422a

  • SHA1

    0203751d5b540fd93a314d585d91d8101dd5acf3

  • SHA256

    0e547d4270446c4e75f53519747b633db8036e69d90ca39c0902661d21d3d794

  • SHA512

    a4e0c6c24758708703c30f7eb9462f2195ab813533d5d946a06d97709418e0b8451c2a08f532bfb7df5a394bd2d009d7f11ffcb9a9e49e8dfc85a4e3f0b269e8

  • SSDEEP

    1536:RjMqxL2Q31HtfPM3XApqmxOEcxq/QhIw:RAatf04xOI

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1196
      • C:\Users\Admin\AppData\Local\Temp\bc95c9fc4557e6cf37622fb568ea422a_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\bc95c9fc4557e6cf37622fb568ea422a_JaffaCakes118.exe"
        2⤵
        • Drops file in Drivers directory
        • Enumerates connected drives
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2960
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2016
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            PID:2556

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files\NewPublish.exe
            Filesize

            326KB

            MD5

            24f1caf8aac10bb5c5a2564e92cda84a

            SHA1

            421ec4c5bf27d8dbd56411c00bdb107102814b6e

            SHA256

            9cf5d410d4c21725f853f54d18addb76e81a57d17c2b0883eb932c86e0b2a672

            SHA512

            06c1079ce50d158df6841f0cb63b743edf0b6155e378098d7059a3088d986d3acca3779757ab69c832b727485bde884ccd49f029daf077b1926bb9a310cb58f8

            Download Submit

          • memory/1196-2-0x0000000002E10000-0x0000000002E11000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2960-9-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-6-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-7-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-8-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-5-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-10-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-11-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-12-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-13-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-14-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-15-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-4-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2960-234-0x0000000000400000-0x0000000000423000-memory.dmp

            Filesize

            140KB

            Download