4897b86880d58b7cad32d47c65058d6fb704ca6e742f7a6fb9bcd403bb392a56

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 07:39

Target

d5e2fe3449a3fec290b00c058377cc9f_JaffaCakes118.exe
Size

648KB
MD5

d5e2fe3449a3fec290b00c058377cc9f
SHA1

4cf1fdedfff8047be5ed938bd8021dcf99605446
SHA256

4897b86880d58b7cad32d47c65058d6fb704ca6e742f7a6fb9bcd403bb392a56
SHA512

83aec5904cc624707bda4799aedb6645b2d5892ddb72789c6b60fa679fd08555ee1a01aa500de6a526326e0287428e4fd7a9e472647efbcbb9888a49eea5fd71
SSDEEP

1536:vzvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqzIzmdq:USHIG6mQwGmfOQd8YhY0/EGUGq

Score

9^/10

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

Email Collection

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	d5e2fe3449a3fec290b00c058377cc9f_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	d5e2fe3449a3fec290b00c058377cc9f_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	d5e2fe3449a3fec290b00c058377cc9f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d5e2fe3449a3fec290b00c058377cc9f_JaffaCakes118.exe

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	d5e2fe3449a3fec290b00c058377cc9f_JaffaCakes118.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	d5e2fe3449a3fec290b00c058377cc9f_JaffaCakes118.exe