Overview

overview

7

Static

static

1

eac485a191...18.exe

windows7-x64

7

eac485a191...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2024 06:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eac485a19158c3e51e0b128a4d557ffc_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    eac485a19158c3e51e0b128a4d557ffc

  • SHA1

    679c82900884dbe90cacd6894f30108e9ef9777b

  • SHA256

    c451ff4724a716029173df180c40fc7eb9ab9c289c11d83875484463b2a83c5b

  • SHA512

    5dbfcc92c5972e26e2df567a6162ab3c1acc3c05c406d350af4e74091c73e8b5d9f9371bf257a14c416c4039832208f0c92c47919eed14e814a8ec9a2eee03e0

  • SSDEEP

    24576:uUC4SusT0XmomI+19/76bmm/SCxx9T4pN9UEya29Sm6aI71FmWa1:04fDmIW+bmYz9T4p8M29S71RFmWa1

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Loads dropped DLL 11 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eac485a19158c3e51e0b128a4d557ffc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eac485a19158c3e51e0b128a4d557ffc_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsu7957.tmp\System.dll
    Filesize

    11KB

    MD5

    959ea64598b9a3e494c00e8fa793be7e

    SHA1

    40f284a3b92c2f04b1038def79579d4b3d066ee0

    SHA256

    03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    SHA512

    5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu7957.tmp\UAC.dll
    Filesize

    13KB

    MD5

    a88baad3461d2e9928a15753b1d93fd7

    SHA1

    bb826e35264968bbc3b981d8430ac55df1e6d4a6

    SHA256

    c5ab2926c268257122d0342739e73573d7eeda34c861bc7a68a02cbc69bd41af

    SHA512

    5edcf46680716930da7fd1a41b8b0426f057cf4becefb3ee84798ec8b449726afb822fb626c4942036a1ae3bb937184d1f71d0e45075abb5bf167f5d833df43a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu7957.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    d16e06c5de8fb8213a0464568ed9852f

    SHA1

    d063690dc0d2c824f714acb5c4bcede3aa193f03

    SHA256

    728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531

    SHA512

    60502bb65d91a1a895f38bd0f070738152af58ffa4ac80bac3954aa8aad9fda9666e773988cbd00ce4741d2454bf5f2e0474ce8ea18cfe863ec4c36d09d1e27a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu7957.tmp\apphelp.dll
    Filesize

    2.0MB

    MD5

    a8225a2f10a8d531d5c44abc9d8219db

    SHA1

    b6e6d6916837b22dbdc5469486d53e4058a15dec

    SHA256

    eaccffe2ac0d44d3a2b52808d934bed66bd61886ac9cb42247b2fe8a823909a4

    SHA512

    764d82d3f2e0f779c8afeaebc4980d6465c78e7a0021acaab040de5ad46337d2b6f9ba702b12b21de6da8287f87193b90779b665b1f8bb7a13e7dd10d4a2496d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu7957.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    f7b92b78f1a00a872c8a38f40afa7d65

    SHA1

    872522498f69ad49270190c74cf3af28862057f2

    SHA256

    2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

    SHA512

    3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu7957.tmp\registry.dll
    Filesize

    24KB

    MD5

    2b7007ed0262ca02ef69d8990815cbeb

    SHA1

    2eabe4f755213666dbbbde024a5235ddde02b47f

    SHA256

    0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

    SHA512

    aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu7957.tmp\soffer.dll
    Filesize

    194KB

    MD5

    9ec4e35844e914c16baa82e04328fe57

    SHA1

    3db145031fcbf24bee6c715d0abc5f8d2fc69ad8

    SHA256

    82bbc0e285e76a6d0e16ab8805852a8c5b2c4d37b4a776595a4357d26543f11e

    SHA512

    9a02af521bb00244693e20b72313b6e7de4093bda43b143ea7ecc24b15486cdf33e7dc515f1c95d49d44544c839c2025844186724843acf8a08de4168b7420ac

    Download Submit

  • memory/4092-43-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4092-57-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

    Filesize

    4KB

    Download