Analysis
max time kernel: 79s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-09-2024 18:33
Behavioral task: behavioral1
Sample: d4f6ef39b38a7dc4b25fed4e39e4457c_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d4f6ef39b38a7dc4b25fed4e39e4457c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d4f6ef39b38a7dc4b25fed4e39e4457c_JaffaCakes118.exe
Size: 349KB
MD5: d4f6ef39b38a7dc4b25fed4e39e4457c
SHA1: bb410825f9b930021ed3efd27c989330a757cf86
SHA256: 7a1ec17b2e3324e5e9080e4a7e4ee87f235d7dade94d8985d3fdd6a0924c913f
SHA512: 62611848a6b1b37084fc6fa17a0d05feb27d48bdb386a2ebad2663ed186df7f14bcbce4fb9178d37d3e8abb28c0647a0d81df5e67365f714be367389b0b8b2a7
SSDEEP: 6144:t77hTTSQ4G8OTD1LdPXJduYFv9qAI4TEJTvcD157rHfZSXHEY5QjTmERgyRn/mhx:tXIZUD1LdPXRR9qAI4Tkvcx57rHfo5QK
Malware Config
Signatures
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: d4f6ef39b38a7dc4b25fed4e39e4457c_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs
pid   Process
2660  d4f6ef39b38a7dc4b25fed4e39e4457c_JaffaCakes118.exe
2660  d4f6ef39b38a7dc4b25fed4e39e4457c_JaffaCakes118.exe