f001b37e38ddb8d5c855001903fb9a83aed8348a0a9a5fc251a1781d679011a0

Analysis

max time kernel
122s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d12ec5d856f4f9058a3f8f9796e415ff_JaffaCakes118.exe
Size

115KB
MD5

d12ec5d856f4f9058a3f8f9796e415ff
SHA1

54f2587794db040b2bc8042d1667482a4824e71c
SHA256

f001b37e38ddb8d5c855001903fb9a83aed8348a0a9a5fc251a1781d679011a0
SHA512

d0114129325d4d58e7e5fa0c9ce4ae3ab9e3bb77d321be2a17ed95b0fc5ca442ea5c567946b550a38d357974b8ae915385283c787449662173efbf9c7f42832b
SSDEEP

3072:GBISHxtrpIby05Q1c7Mnio0Lu4yS1Na1/e1GkOqtx:t8fiGmQyKiPK/eckOqX

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d12ec5d856f4f9058a3f8f9796e415ff_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d12ec5d856f4f9058a3f8f9796e415ff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d12ec5d856f4f9058a3f8f9796e415ff_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2308-2-0x00000000009E0000-0x00000000009E6000-memory.dmp

Filesize
24KB

Download
memory/2308-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2308-1-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2308-3-0x000000000040B000-0x000000000040D000-memory.dmp

Filesize
8KB

Download
memory/2308-4-0x00000000009E0000-0x00000000009E6000-memory.dmp

Filesize
24KB

Download