Analysis
-
max time kernel
91s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
29-09-2024 08:20
Static task
static1
Behavioral task
behavioral1
Sample
fe20a4ed4b34edd7c0bfcf0a7e5b65f7_JaffaCakes118.exe
Resource
win7-20240729-en
General
-
Target
fe20a4ed4b34edd7c0bfcf0a7e5b65f7_JaffaCakes118.exe
-
Size
22KB
-
MD5
fe20a4ed4b34edd7c0bfcf0a7e5b65f7
-
SHA1
4e2cfb54babf2beb1c07cab6bc655164fd89efce
-
SHA256
b339a663350bfdc3ffe4f6a9efc60c7fd63c0821b0bc522e4a48457725255413
-
SHA512
ca0389a2bf86ec0024640f05757dc5cf220f799f852d5827d5a82a7489688170b666e3cd59ec391d8bffd7a9b9f956ada3e0e146ee0d330b6ec701ca6a96f644
-
SSDEEP
384:X2Kx705TC0+i5LmnJ5ST2hKioPI6Xc0AmDlWMcLmwEd4xQam7lnOv9fh3SMd:nx7YTLinq/PK0AmDIew6xOv9pLd
Malware Config
Signatures
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language fe20a4ed4b34edd7c0bfcf0a7e5b65f7_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeSecurityPrivilege 3344 msiexec.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\fe20a4ed4b34edd7c0bfcf0a7e5b65f7_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fe20a4ed4b34edd7c0bfcf0a7e5b65f7_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
PID:3044
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3344