Analysis

  • max time kernel
    94s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-12-2024 05:58

General

  • Target

    JaffaCakes118_b7cda70cbb94b6118791ca56c8f3f6554fd5defbb194bd8bd963654c9164d9fc.exe

  • Size

    275KB

  • MD5

    cc2eb1c47b888609af9f408aa765c09a

  • SHA1

    7c548ca820cd1b992ec7f879fa83ff4678b047be

  • SHA256

    b7cda70cbb94b6118791ca56c8f3f6554fd5defbb194bd8bd963654c9164d9fc

  • SHA512

    0808b78730915e298975512b07d5a71cabe0cc3275d24835e2729e31dc98bbecf335e29758f31bd03050ab4032adca7f60b0de14253d7eb10615f6e0dc9d38c0

  • SSDEEP

    6144:EMbC0SbzJjbSLPWstc7e72gk6ZVxw4ufGxs4lDWyWZsPGhOikTuid8umn6Bg:EG/CzJxgk4w4ufGJlDFWZsbikTuidB+j

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser profile data, which can include saved credentials, cookies and session tokens.

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location (commonly used to avoid infecting hosts in particular locales).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments, for example by comparing the reported CPU name or core count against values typical of virtual machines.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7cda70cbb94b6118791ca56c8f3f6554fd5defbb194bd8bd963654c9164d9fc.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7cda70cbb94b6118791ca56c8f3f6554fd5defbb194bd8bd963654c9164d9fc.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    PID:856
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 572
      2⤵
      • Program crash
      PID:1732
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 856 -ip 856
    1⤵
      PID:2056
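The three signatures above and the WerFault entries in the process tree are the kind of facts a triage script re-derives from raw sandbox events. The following is an added example, not code from the sandbox or the report: it takes constructed event records (process starts, registry reads, API calls, file reads) and produces the signature hits per PID plus the crash correlation. The registry key, API names and browser file names it matches on are assumptions about what the behaviours usually look like; the report itself does not list the exact keys, APIs or files the sample touched. The `-p <pid>` parsing of the WerFault.exe command lines is taken directly from the two invocation forms in the process tree.

```python
import re
from dataclasses import dataclass

# Assumed indicators for the three signatures. The report names the behaviours
# but not the exact keys, APIs or files the sample touched; these are the
# common locations a detection engineer would start from.
CPU_KEY_RE = re.compile(r"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+", re.I)
LANG_APIS = {"GetSystemDefaultUILanguage", "GetUserDefaultUILanguage",
             "GetSystemDefaultLangID", "GetUserDefaultLangID"}
LANG_KEY_RE = re.compile(r"Control\\Nls\\Language", re.I)
BROWSER_RE = re.compile(
    r"\\(Login Data|Cookies|Web Data|logins\.json|places\.sqlite|cookies\.sqlite)$", re.I)
# WerFault.exe names the faulting process with -p <pid> in both invocation
# forms seen in the process tree (-u -p <pid> -s <n> and -pss -s <n> -p <pid> -ip <pid>).
WERFAULT_RE = re.compile(r"WerFault\.exe.*?-p\s+(\d+)", re.I)

SIG_CPU = "Checks processor information in registry"
SIG_LANG = "System Location Discovery: System Language Discovery"
SIG_BROWSER = "Reads user/profile data of web browsers"

@dataclass
class Event:
    """One sandbox event: process start, registry read, API call or file read."""
    pid: int
    kind: str     # "process" | "regread" | "api" | "fileread"
    value: str    # command line, registry path, API name or file path

def signature_hits(events):
    """Return {pid: {signature_name: ioc_count}} for the three behaviours."""
    hits = {}
    for e in events:
        sig = None
        if e.kind == "regread" and CPU_KEY_RE.search(e.value):
            sig = SIG_CPU
        elif (e.kind == "api" and e.value in LANG_APIS) or \
             (e.kind == "regread" and LANG_KEY_RE.search(e.value)):
            sig = SIG_LANG
        elif e.kind == "fileread" and BROWSER_RE.search(e.value):
            sig = SIG_BROWSER
        if sig:
            per_pid = hits.setdefault(e.pid, {})
            per_pid[sig] = per_pid.get(sig, 0) + 1
    return hits

def crashed_pids(events):
    """Map each faulting PID to the WerFault.exe PIDs that reported on it."""
    crashed = {}
    for e in events:
        if e.kind == "process":
            m = WERFAULT_RE.search(e.value)
            if m:
                crashed.setdefault(int(m.group(1)), []).append(e.pid)
    return crashed

def triage(events):
    """Summarise every non-WerFault process: signatures hit and whether it crashed."""
    hits, crashes = signature_hits(events), crashed_pids(events)
    rows = []
    for e in events:
        if e.kind != "process" or "werfault.exe" in e.value.lower():
            continue
        rows.append({
            "pid": e.pid,
            "image": e.value.split("\\")[-1].strip('"'),
            "signatures": sorted(hits.get(e.pid, {})),
            "crashed": e.pid in crashes,
            "werfault_pids": crashes.get(e.pid, []),
        })
    return rows

SAMPLE = "JaffaCakes118_b7cda70cbb94b6118791ca56c8f3f6554fd5defbb194bd8bd963654c9164d9fc.exe"
# Constructed events mirroring the process tree above; the registry, API and
# file events are illustrative assumptions, not taken from the report.
EVENTS = [
    Event(856, "process", f'"C:\\Users\\Admin\\AppData\\Local\\Temp\\{SAMPLE}"'),
    Event(856, "regread", r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString"),
    Event(856, "regread", r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz"),
    Event(856, "api", "GetSystemDefaultUILanguage"),
    Event(856, "fileread", r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(1732, "process", r"C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 572"),
    Event(2056, "process", r"C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 856 -ip 856"),
]

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```

Correlating on the `-p` argument rather than on parent PID matters here: the second WerFault.exe instance (PID 2056) is a top-level process in the tree, not a child of the sample, so a parent-child join alone would miss it.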

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_Files\_Screen_Desktop.jpeg

    Filesize

    52KB

    MD5

    2bd0a3b76eb115ea341ac9dc1fa2126f

    SHA1

    73dff17a6e82cdddd7be6530a6331754f790a20e

    SHA256

    e5a22b9f4efe46ec3537dbcbd22b6e824745ec9615bee3c640afe88b0b9073a2

    SHA512

    dacdd4ea0ce9f376afc3b76a950551b5641bd9d8eceeb594f234ff3704da039283e8054feab51563759b68492175f9ab49c17951ee5019c6375ed6fcb078b04c