Analysis
-
max time kernel
141s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
28-09-2024 23:30
General
-
Target
fd5c17c7c0ff0d44283be6c7effdee72_JaffaCakes118.exe
-
Size
1.4MB
-
MD5
fd5c17c7c0ff0d44283be6c7effdee72
-
SHA1
3bcea436d7dac55a77d962fe4c1e538da79309fa
-
SHA256
9eae12cb2c6215d2a997927278055d1091026e10e481e741eb6ae7cc2a13ab1b
-
SHA512
6fa9a92cfb92092e51091b0f3847d6688254d01abb8171fe93f951be03c586bda6c371070e3bb6774408fbcdb2b78a1d1d9bf54eefdae382f2167fdce1b0a7b2
-
SSDEEP
24576:JMiInmDy9aqB9SUnUP8GFVLsEPMNEnoul3K99mxriNzFrw:OeyIqjSUk6b2GNzF
Malware Config
Signatures
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fd5c17c7c0ff0d44283be6c7effdee72_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fd5c17c7c0ff0d44283be6c7effdee72_JaffaCakes118.exe"1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB