96afff36d8193224eea08c5a5966f4722fae942496bb42dbdae650b66873cfd2

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-10-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82706c2762c6de78583d8ff935c0e2e9_JaffaCakes118.exe
Size

672KB
MD5

82706c2762c6de78583d8ff935c0e2e9
SHA1

2b325162fdff29eb2e9432d37f9b388113fbcf57
SHA256

96afff36d8193224eea08c5a5966f4722fae942496bb42dbdae650b66873cfd2
SHA512

da2623238f4f9a6ad10b383826e5faddf00f90a5c10596514ab1632787f943dd7dda223e48427dea5534f16bfcd88a1e7a8e1d4bb596b43c971d792b0ac4e383
SSDEEP

12288:K9GFaKCOsU3UChTCP75NA8fdRhMMc5R4f08MP8PkQJppjdldz:KUFZCOslCh2P75XRhMxR4f01Pijx

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82706c2762c6de78583d8ff935c0e2e9_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1920	82706c2762c6de78583d8ff935c0e2e9_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1920	82706c2762c6de78583d8ff935c0e2e9_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1920	82706c2762c6de78583d8ff935c0e2e9_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1920	82706c2762c6de78583d8ff935c0e2e9_JaffaCakes118.exe
1920	82706c2762c6de78583d8ff935c0e2e9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\82706c2762c6de78583d8ff935c0e2e9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\82706c2762c6de78583d8ff935c0e2e9_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\truste.jpg

Filesize
5KB

MD5
1959eb33004d6107d3412e109c37b742

SHA1
59c3a787483e7743d5b805cd36726a0bec7e4992

SHA256
e60a764cd4d721c9fd261555510c51c668d112a37f2da2f0be1da6dceaa5f8ad

SHA512
238724a6b809d371c6ebab6057c61019e48caf7dd3245c6dca77efb5c015703a206472a9b82f778114c8dce3f10dd13fba972644b137020e4e5507053358e68e

Download Submit