7d4dade0869e753dc5b43ec07e97fb33ac6f1aea6d883f5c8c4a62c6bde11311

Analysis

max time kernel
95s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe
Size

280KB
MD5

033ec0da9e1a9b534983bd3534f32192
SHA1

edea0f1a9506e5236085f5534fbdc11fdc11cd13
SHA256

7d4dade0869e753dc5b43ec07e97fb33ac6f1aea6d883f5c8c4a62c6bde11311
SHA512

728d7d2e68c60cc3d56ef4999d049b29d3a1d5bc84ec406bbc3e97c88389370991446df1a263cf236a12430e2323b268b5767e698fd4d1b76739ec859f5af0db
SSDEEP

6144:AcTOayrPKT6yUazPicjbqIGTnRw1/nRRT/JdMbQd:73eCT6L88TnRsvRJJdS

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\test.txt	033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4772	033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe
4772	033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe
4772	033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe
4772	033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk

Filesize
1KB

MD5
ece4ebb3e3c273245e9088964161b499

SHA1
f3cfffd5d1c62db9238e74f5187004a7d94798cc

SHA256
6138a85112ffd107f3229fda0b7a56505f7241cd94009428cbb39702bea0cc36

SHA512
2dc5ece1b7e2f87ee4e511944aef3315d10f6c07642a642b15b58996625057f24929a0cc6c27096fa47c882713e8299bafcbae28545da66881c8463afa4b6981

Download Submit
C:\Users\abc.lnk

Filesize
1KB

MD5
041bedd29eaaf4705299013c14484b06

SHA1
8bed2ecb4b07507482331ecf80e14459ddbbafcd

SHA256
1c8c4c914453645cfcc50bd2752904e2e2880f5e8c3e04af9336f39654e9b834

SHA512
ff18551c35b94a587668d4a8ca18ca9c06f3c96df88ab269e538398024907b10f613c838614fa73abdaad35a6fe5ac27197ce27def8f9fb216032a6be078a9fa

Download Submit