Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
08/09/2024, 14:31
Static task
static1
Behavioral task
behavioral1
Sample
d49293220c5f0d4190c6e3a804a5af2c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d49293220c5f0d4190c6e3a804a5af2c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
d49293220c5f0d4190c6e3a804a5af2c_JaffaCakes118.exe
-
Size
376KB
-
MD5
d49293220c5f0d4190c6e3a804a5af2c
-
SHA1
213ea1d55e25ea7d505e8d043358350eef50bf41
-
SHA256
e562fbd6bd0af83ea99cd6932a4552dcfe8264bf5e34d25fbb35a15eb06594c8
-
SHA512
8c618d83c5617656f08c4028406de241a2583bdc72a3e40bd51f05ef8baf38f8761824a2b0d41c940ee900466c8f99cf1d1fe85984e48093330d3fa4f25a08de
-
SSDEEP
6144:hFLt7ftDrpeYF6QUMzrDr4r3CRiLrdxlsW9b4yXaQ5mdPBj7Al1YO6C8:hFLt7ftDrEYF6WvK32ezsWBlXz5mNd7h
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d49293220c5f0d4190c6e3a804a5af2c_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 1848 d49293220c5f0d4190c6e3a804a5af2c_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 1848 d49293220c5f0d4190c6e3a804a5af2c_JaffaCakes118.exe