Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    09-10-2024 01:31

General

  • Target

    287c63c5d1638cfef2ff3879c0d7b2af_JaffaCakes118.exe

  • Size

    180KB

  • MD5

    287c63c5d1638cfef2ff3879c0d7b2af

  • SHA1

    01b6f6cdcbf76d3aa37c01a232d41f5ecd9134eb

  • SHA256

    4abf28e971cdc4049abebe0675a8ffd77c601cd12c538d6bc87b56c933e2b85e

  • SHA512

    c3311a359594ca2184c94f4b2e9ad066283a783e721d150411060719410d6b05fd463163908efd25a45a7448e20127b0f9d5cbd96616e24fd64a8af718e0ea91

  • SSDEEP

    3072:M04mK82ZuSo7Q/pxrdkfSDJK9FEL6ZomOmDQpOW/UkL81juZQTZeDYA7yqFA:MpZudQXmfSDaFOnhskwuuTZ2YAVFA

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 27 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 13 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\287c63c5d1638cfef2ff3879c0d7b2af_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\287c63c5d1638cfef2ff3879c0d7b2af_JaffaCakes118.exe"
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1828

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

    Filesize

    527KB

    MD5

    15e638d0c2cfdee8f31210c833598a73

    SHA1

    aee0fb091124c70eec0c5f4593baf0c247a872e6

    SHA256

    29625cc3242ec87d1daae4b8b49815f7b6c3a72a647bcf83eeea36e77678be2d

    SHA512

    be68641c9807683ea512bbf2a031e304241beed45318b52b5335fdfbe16fe4e381b91b356d9a0d82a738ce0376d6b721462ae0db5df8817aac2dca205cbbbd8c

  • C:\Windows\SysWOW64\msiexec.vir

    Filesize

    162KB

    MD5

    f7826f366f53578af41b42ba57455c4e

    SHA1

    49ee2031457002ed5168327fa983975f2dd96029

    SHA256

    54310b977b7feacf7edcc4942fe59b52354075864781df0b539244979e1f323d

    SHA512

    483c0d57f2e73f96fceb5ae040551ff5e1cb99eaab7519aa59c2335673ab079b4119965bfa813f5b4b1053a24c0cba230aeb9e2b1fccd6acb532118ed31d0305

  • memory/1828-0-0x0000000000400000-0x0000000000452000-memory.dmp

    Filesize

    328KB

  • memory/1828-18-0x0000000000400000-0x0000000000452000-memory.dmp

    Filesize

    328KB