Analysis
-
max time kernel
140s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-10-2024 01:19
General
-
Target
0838acc08b5f1e16483757c31935b586_JaffaCakes118.exe
-
Size
29KB
-
MD5
0838acc08b5f1e16483757c31935b586
-
SHA1
8066ad53404a88dbf5249e1419bef1248f37937a
-
SHA256
866b87519958bb1248fad614affff4d15cc05cd8ef2a7b845157139c1719ce79
-
SHA512
36dd441d215a2e9b2c6cf7afea8d109f8e125ac0311c122bde7cbc4e4e75153f738207c92ba2ef2c3209a4ff177d81bd200196415285ad419f7f4714440281e8
-
SSDEEP
768:XocAX3LKew369lp2z3Sd4baFXLjwP/Tgj93b8NIocVSEFKA:SKcR4mjD9r823FKA
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0838acc08b5f1e16483757c31935b586_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0838acc08b5f1e16483757c31935b586_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\CTS.exe"C:\Windows\CTS.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
352KB
MD51bca2ff5f964575ae1f4642c7821da2d
SHA11f1e69274c772576fa839d7eb92f4d99b34a42eb
SHA25661d5fea24efbd60d657026db424d6fcde1f47615f44b835629bb54fdd5fd7e4b
SHA5128c1def339eecd74c251d66181e2a6b7bc61b5cce46883bfeed16214ba8df9deb76c3d480b21d39ab4e9633a091e9171d4effeb8e4a6bdb1e8dbbe279d0737a4b
-
Filesize
29KB
MD5bc16176fe967cec6235810cf1739d642
SHA1ac0c7077dbc72458b40cc79084338c3fec1b0d66
SHA256c0ce9056c21e4e7f3088e5304d80fb8f2607b3981441d233f967d9f9a35f85d6
SHA512747aff91c443200083c5527f9258df4236cd4fbfdb0932e2d8df18877fc65e4f252f795706878e41fd28c84d65ee00389ce1c0dbef16d1ccde9b332404936427
-
Filesize
29KB
MD570aa23c9229741a9b52e5ce388a883ac
SHA1b42683e21e13de3f71db26635954d992ebe7119e
SHA2569d25cc704b1c00c9d17903e25ca35c319663e997cb9da0b116790b639e9688f2
SHA512be604a2ad5ab8a3e5edb8901016a76042ba873c8d05b4ef8eec31241377ec6b2a883b51c6912dc7640581ffa624547db334683975883ae74e62808b5ae9ab0b5
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB