b36c9ca12d0a7a000d0685a7a95db37556623bece2f0d426dd30ac537577a2be

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04d9553a3ef655d711947970430b497c_JaffaCakes118.exe
Size

280KB
MD5

04d9553a3ef655d711947970430b497c
SHA1

f6b5f31f1a2fe015ccf12fb8579bdda5fcc83e7e
SHA256

b36c9ca12d0a7a000d0685a7a95db37556623bece2f0d426dd30ac537577a2be
SHA512

0512c9b2128018e6d08c48457616f2ad1f01dcf0a1b12740d5ebc7c9ccbb22908ffb1bed31404b6cf87a395ff49b6920ba4f6b3d1d66a9e1a0428fa587c17e7c
SSDEEP

6144:2SQFHumylbK0z30FjRomWnIsOSgve6/KbkxQZE:W820zkRPWnIPnvPKbkxE

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\test.txt	04d9553a3ef655d711947970430b497c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	04d9553a3ef655d711947970430b497c_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2676	04d9553a3ef655d711947970430b497c_JaffaCakes118.exe
2676	04d9553a3ef655d711947970430b497c_JaffaCakes118.exe
2676	04d9553a3ef655d711947970430b497c_JaffaCakes118.exe
2676	04d9553a3ef655d711947970430b497c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\04d9553a3ef655d711947970430b497c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04d9553a3ef655d711947970430b497c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\abc.lnk

Filesize
965B

MD5
dfabc66137ad6999611c1dd176c68773

SHA1
52add968b692b672345913876afce9dc5d14d5e8

SHA256
8a75fbf60bd46efbc425f189acd4c6811d20d4a33176670d38ac39535f17be18

SHA512
8f7bbc71037c0b5917ac68ebf180927b162a0f43c26f25dfbacd34d21a7734666e421a5717501efa97412de47177f874eb18963e94a98a3b4ac7dd31113ddc42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Filesize
1KB

MD5
4c2f7a080104b6d0fefb16092feb0a66

SHA1
f5101b75aea3561683653c5256be9f1bd636ffe4

SHA256
663833a005b10ecae7eba305ae641405b1d1ec0688e57ec40d5cfbd090c9a782

SHA512
9bbb7355ef0ad196538a9c5f56114882b43bb2bb998ed6a131b3b0c5112cf7f7a8ef413c49961f04255ca5f0e3425e838b860b74ae56d6607e8867817ad39e10

Download Submit
C:\Users\abc.lnk

Filesize
1KB

MD5
a0ac7037d901381b35b0e14489afa7b5

SHA1
182d07772653b72c32d67fdc36ab1735b2c4345a

SHA256
4e6d79cfea35a501127ee2d6592f4bcc8d2a92e5ff28305205c2a46546586616

SHA512
35571dceeeca6633298d4b2ba2c767f7f745e0e76c5644a5af47ea098e7bd51b8d9f50a86fc979e6bfadfb458cf9c81b5482bf3971ed9b6597a512afb3e4e699

Download Submit