234289430c0182a731d22ec331dba4005700b167008ec1632eabfbdf18d0d5cc

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbabe163ccdb1e20d3bacd7026ebd824_JaffaCakes118.exe
Size

636KB
MD5

dbabe163ccdb1e20d3bacd7026ebd824
SHA1

1bc2d2e931910605d8485081c50d67ada7895820
SHA256

234289430c0182a731d22ec331dba4005700b167008ec1632eabfbdf18d0d5cc
SHA512

1699668a26a7941dabd45fd7b540ff0b058dc4222e045f3a24dea19e1692068c2f6af7459a0b10bbb5f7913e0a587f02d72c34252f491501915ef69bf95cd9ed
SSDEEP

12288:vhSWPnEjDFxi9Z7djkoHuaPluaxNWI7yBYk+EVGdX8ft69felYmhhHRmJ9CW:vh4Ti9Zxk6n9uaxN1AG6s2lYRJ9CW

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4416	6C.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lapkkcocodnokolnmmjlldnpjilkfmfo\2.2\manifest.json	6C.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dbabe163ccdb1e20d3bacd7026ebd824_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6C.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 4416	464	dbabe163ccdb1e20d3bacd7026ebd824_JaffaCakes118.exe	83
PID 464 wrote to memory of 4416	464	dbabe163ccdb1e20d3bacd7026ebd824_JaffaCakes118.exe	83
PID 464 wrote to memory of 4416	464	dbabe163ccdb1e20d3bacd7026ebd824_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\dbabe163ccdb1e20d3bacd7026ebd824_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dbabe163ccdb1e20d3bacd7026ebd824_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:464
- C:\Users\Admin\AppData\Local\Temp\0d667983\6C.exe
  "C:\Users\Admin\AppData\Local\Temp/0d667983/6C.exe"
  2⤵
  - Executes dropped EXE
  - Drops Chrome extension
  - System Location Discovery: System Language Discovery
  PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0d667983\6C.dat

Filesize
1KB

MD5
a66366c25af3728b301484848785f710

SHA1
223795891058205232a215ae8952322363efe3d0

SHA256
023567b826d446ed035428b65b12f0216cceb71e38eb6363f78cad4f1c9f4c6d

SHA512
c8898024e94b6e7cf6015fdd5a588d7609cd8b90e2f7fee62550a45e79804f9448708a0f2cc5c36aacf3d4c6e887a31f32e83e742592a977cb937050da341ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d667983\6C.exe

Filesize
486KB

MD5
67c0e85aff48138c7e24f222546ec1cb

SHA1
abd1e48ea7d820ec19b8b91556acf8b064eb4ba7

SHA256
6e41774bd669cccac6aa2901ff413a130f819bc8c754e9ef4d1ed2a8e0721f22

SHA512
883f6d3fc1933be85bc2a07023c6143bfba4cd914ee190300fa166b2b018f78e0d79d12ce7ce7d2ff0a38b6f126c5cacaec8074e33fa237b73dd0c0d08bc763e

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d667983\lapkkcocodnokolnmmjlldnpjilkfmfo\background.html

Filesize
140B

MD5
2b9c5e7792779f402102ca58a811371e

SHA1
484d408eab60216a5b80f0243dc50695bb97cfd3

SHA256
88d355f33e9fb0c7ada22c6d10e9a2b6ebb29da09025486c094791742c34e694

SHA512
f7da604949263f8352ac3d4fcb74a6865f31c282daf765bb6ecb28e3c76b13e45b943fade918190968bb01c14bfdadac128bf0a271ea378a7326b1d78ea7b64a

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d667983\lapkkcocodnokolnmmjlldnpjilkfmfo\content.js

Filesize
144B

MD5
0654917402505bc71a231599d02e09a2

SHA1
e24d4fcf6f136c3be86b4dc01bd3bf446ce462ff

SHA256
9577828de9e701114e75cca9918972c9028689518882edcb6aa193f9353c19ae

SHA512
3e7077342d4c06d1192898a4ec5c9b19f3ca8883c5fd7c6e2a581d855959b748b5a8c4b07e3468cfc8b79e6abc1595fefccb41011c179da665567d5dc4b2da5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d667983\lapkkcocodnokolnmmjlldnpjilkfmfo\lsdb.js

Filesize
531B

MD5
36d98318ab2b3b2585a30984db328afb

SHA1
f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5

SHA256
ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7

SHA512
6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d667983\lapkkcocodnokolnmmjlldnpjilkfmfo\manifest.json

Filesize
506B

MD5
965092185b2f04b5d8d588a991c95817

SHA1
c4d917c7b4eb19aebef870f1bda453a26ec7d9fd

SHA256
227227655419b82ce13c40cd7f85abd6999df78cf1ef07d9d5ba8212a49d6374

SHA512
e1a58d1290ca1341cd9132b38cb0105654224018afe262659763d53eeeaa4d1d49b16c1a32630ccd79d06d6f9058c4cda357da75cf58fcc42d5d8f2f933f8c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d667983\lapkkcocodnokolnmmjlldnpjilkfmfo\nxV.js

Filesize
5KB

MD5
69a9f7369e0ad279a2e75456bd09571f

SHA1
432bdb8dcd4a5855ec8861a2c07b5256c90ae969

SHA256
3848102b766fd46f90b72acb54b487a017002f3d72c288766fab4d2ac2da8f1c

SHA512
58f1ddf418e29a7151d9cfe30d97c9feb14cf01a9f404d74e8b69bcd91b60b9272fe3415916cf2fa1d28378796db1131f24747c5b6f4f73414611c2ac949f1db

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d667983\[email protected]\bootstrap.js

Filesize
2KB

MD5
df13f711e20e9c80171846d4f2f7ae06

SHA1
56d29cda58427efe0e21d3880d39eb1b0ef60bee

SHA256
6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4

SHA512
6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d667983\[email protected]\chrome.manifest

Filesize
22B

MD5
655d99646d3b7f245a5a87fd46e2be93

SHA1
69e7f841798489e1ffd61363eff63900373b8b5b

SHA256
b73114e4572c96b8264ae0d1ff6817eb707102112da855721cef39721a583f7a

SHA512
d2709b272c4239523230b2cef3a27f05c1d79ff05974ebc476f732ce7c2610f231197c952d720ccaefabc8f6e68e64c90b2a4638a0c119915f78dca7380b8132

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d667983\[email protected]\content\bg.js

Filesize
7KB

MD5
195470efd71b9abebcbb1ae595e83c34

SHA1
99c89f387e0566473c15005a026b4f7649c00442

SHA256
b091fde00518a8b25b74907e7a6162ed26ea1303e1d4db3717c2531323ef58ec

SHA512
0b218f37c5c7026ff9c479b985c7a9abc6f7b7c4f58ce28b9bff17ed4771f2662d123474abf0bc2b7e4d12747a2de947107f85c812d2760c280270786245c079

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d667983\[email protected]\install.rdf

Filesize
603B

MD5
5ed138342486b59afbd78efced877492

SHA1
af6bb2fde495275b427079f4c9c099b4c1396d28

SHA256
9dc529980fd5a036751f0752b22db8ada4b665782741c9b1e5680acd61d7c792

SHA512
f3a63e294403027f94891ce45c09191bea296620db5f7f1ead53f0c33d3bc97b3b8a29f4789cd371ead50c4827b6a56a82fb1a7cfe10b9d40f171b8796d779b4

Download Submit