9feb0c47916fbf71800452abdadf9c200ff48ad94e845ba32a81dc253c7bad07

Analysis

max time kernel
143s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe
Size

914KB
MD5

3b5d99125885b1c32abed26ac03d0914
SHA1

9301d37522f15f069d1d4a2e653798d192010872
SHA256

9feb0c47916fbf71800452abdadf9c200ff48ad94e845ba32a81dc253c7bad07
SHA512

080dc554413a52714bcc68a97efa966eafb21ee935075ce397abe3a97b982d44a86de7ef5981023cd23516746dbb8bbb73debaa9815ad57eeca7f440949dcd70
SSDEEP

24576:ESyMJfstrtr5cdy1hppe+7h9jFF0nXlTLR2utEch7+Eh:zlJfsxtlcUfppbDpoV3RzEcd+A

Score

7^/10

discovery spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4992-1-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-4-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-5-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-88-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-89-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-90-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-91-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-92-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-108-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-110-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-129-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-127-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-130-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-128-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-133-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-134-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-135-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-144-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-147-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-146-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-145-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-148-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-149-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-151-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-150-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-153-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-152-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-154-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-155-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-156-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-158-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-160-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-162-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-163-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-164-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-165-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-167-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-166-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-168-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-169-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-170-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-171-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-172-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-173-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-176-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-177-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-178-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-179-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-180-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-181-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-182-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-183-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-184-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-185-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-186-0x0000000002450000-0x00000000025D9000-memory.dmp	upx
behavioral2/memory/4992-187-0x0000000002450000-0x00000000025D9000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is240613906.log	3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4992	3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe
4992	3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe
4992	3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe
4992	3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4992	3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	4992	3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4992	3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe
4992	3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3b5d99125885b1c32abed26ac03d0914_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240612828\bootstrap_25975.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240612828\css\main.css

Filesize
6KB

MD5
2ceb27c6ac9337b69c12261babf9de58

SHA1
1be81527901eab19a6de55888e8c9a4a21477d3b

SHA256
9505cecd87caacc12391df26392d61f8b7b8221d9f9bd14d42c4db2d20cf396f

SHA512
6ba10616f1689b9706e21d2e6e02aa3d1fa58aaf5e5f26be4c38e7335cff7dc17db6b9945867032a35a631ba639b1a19fc770d6e341a4994112da68b565abfb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240612828\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240612828\images\BG1.png

Filesize
153KB

MD5
80b8558bb89dd8f78f4de8cb26feb678

SHA1
7d77ed3a570b0b73af222bb5da902fbc7498956f

SHA256
5b346551b962f7f920d8bf18a43665f4782e0bb6d75c9474e88dcf3e01cede31

SHA512
71f3074ae0f26a98e19def61017167de06e7189d9525b86cb60ff56f7645b2ff0be0e1fae61cba4533c1bbadc4e768bf771a3b2b706c66a58fd4e584f05afd53

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240612828\images\Close.png

Filesize
1KB

MD5
60e7a3f760637dd125a1150474e7f6bb

SHA1
46e4b53480dd7b3db532e3511a7ad3b9e99b2f48

SHA256
d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184

SHA512
d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240612828\images\Close_Hover.png

Filesize
1KB

MD5
62d7273f7bfd374313f6fb0155b2e7f7

SHA1
dcc738108fa120a4d8ec47ff3e6e71c336c59c16

SHA256
8c7b475a063df4c3a3aaa79c26010eddc3259ab91d8ed904a539e17eea8e5caa

SHA512
76b316228fefc32424236019e931626611e9b50944960ded528a1e7f6c33b102f9f1326d758411b65fa3c96e99de222324ae3bc85989435da434005245d25a0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240612828\images\Color_Button.png

Filesize
3KB

MD5
4494970d8270d72c85faa39e600cd6c4

SHA1
1a083424cf97a015798b2d87d1d3ca0dc609e780

SHA256
58d6b88a87b14121a6c1b4c92414a39a5a6404c245424b95d2877ed75ea88f67

SHA512
89b4f860073f65d8f1898afd536d7fd27928baec80099f44f4d911df4828d66efa80495bc75e37f2bd1e4ba5930455fe0bcff5f5570c933618f0c5678d9e0945

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240612828\images\Color_Button_Hover.png

Filesize
3KB

MD5
b83749cfe0e95eb06f7d54bc53ca9c41

SHA1
0031fbbd170d635abece51d38b52775123415241

SHA256
89c1b13b0de232cc8fa6f7276508b26ebdf12760726f8d8cc41f7b9d869042c0

SHA512
447a1895a028daadb0b91a7349cd3308be2a38cc6cb066268a5a9402ee8a89605b6352c9214bcae742e10d4d545fcc09d5594059385292c8666fae656074877c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240612828\images\Grey_Button.png

Filesize
2KB

MD5
377a4cc417c35e8bca043b5fa45c76f4

SHA1
bba1d0a63c01c777536008dc177e8c8e3d1f3d0a

SHA256
d6476ab7dab6839357bda90d337593833f42b95f474ee358db9ddcd5b689c2c5

SHA512
b6a5d34089d830ba39194d7a40b7f394609b5dd4c3297f9e168f66d41e8ca29ef84cb46a3dc59ca305235e8ce33fb0c52766056fede28405b9f78f2382d1b4e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240612828\images\Grey_Button_Hover.png

Filesize
2KB

MD5
7af396fe907f2279c7be2f45c4a71f68

SHA1
e2915cd58658e004a528d6afb41a719e2f8bc906

SHA256
79aaaa8a2c4196a8fe5608ed9638c02febca9a5f01aaccd024741543893c10a7

SHA512
4b32408f9f8e101f93150fa991bbf7048b87d73ef284f1ab6b70e377ddf4dbd55d256a8be303f1a687b2b5d072444bd80fcf4905417524392dc4406157a5bdde

Download Submit
memory/4992-149-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-154-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-91-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-108-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-110-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-90-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-89-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-88-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-129-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-127-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-130-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-128-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-133-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-134-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-135-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-5-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-6-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4992-4-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-1-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-144-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-147-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-146-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-145-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-148-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-0-0x0000000000401000-0x000000000040A000-memory.dmp

Filesize
36KB

Download
memory/4992-151-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-150-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-153-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-152-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-92-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-155-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-156-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-158-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-160-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-162-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-163-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-164-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-165-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-167-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-166-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-168-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-169-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-170-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-171-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-172-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-173-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-176-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-177-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-178-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-179-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-180-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-181-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-182-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-183-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-184-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-185-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-186-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download
memory/4992-187-0x0000000002450000-0x00000000025D9000-memory.dmp

Filesize
1.5MB

Download