Analysis
-
max time kernel
141s -
max time network
67s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
02-01-2025 17:41
General
-
Target
JaffaCakes118_66f0e5a421e308d1bad945eeb469b34d.exe
-
Size
176KB
-
MD5
66f0e5a421e308d1bad945eeb469b34d
-
SHA1
a44f31b439db3588affcba9a78ca1e36b93a3a32
-
SHA256
eefdc751b3ca1dd5e2771a5d3e847efd8ec81dbf05447c927ffad071c95c88aa
-
SHA512
5e14ffd7520560ca5f15b788bb48f032a3307743fca25ab53dfb42316d14186817c03072cc74e992bfc9f16ad9b1613d755419b80a9d9ea6f9b1fc636d84efdf
-
SSDEEP
3072:y57GJO4OYlxry+oy3yuGAWquYqfUwdQoPW4iaq+1t+xaSNL6kq2:oKJO49lxryGCqyinVxaSJ
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 7 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_66f0e5a421e308d1bad945eeb469b34d.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_66f0e5a421e308d1bad945eeb469b34d.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_66f0e5a421e308d1bad945eeb469b34d.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_66f0e5a421e308d1bad945eeb469b34d.exe startC:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe%C:\Users\Admin\AppData\Roaming\Microsoft2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_66f0e5a421e308d1bad945eeb469b34d.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_66f0e5a421e308d1bad945eeb469b34d.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5ca4af0c4235b76fa44f393f4c13df638
SHA14288b81802bc1e03ea1ea35ca3f165e9c44b5540
SHA25643f4c15d3aa805ab79f05d0196b1fc6a27b3f87aff7d52993b22d4c32832be6c
SHA512e42b2e32efd23766ec51c31db109a8893db3d9d7cec3b039e7ed7407166cd1720717e51f33ba31256188f5cf9e45513f7b8f38257b9b56fad103056d4506cd68
-
Filesize
600B
MD5d83f77596ecf77e2882f85271c6d5e1c
SHA135883d6a570634e62b9946ec22a5454aba007f2e
SHA256a6850dc5684762c3d1ad267bde8350d49e64340b29effff0c7fd0d2beefc9025
SHA51271818799756ae8672728b2ac18ac551d409db354f9ff38a9ca84045da309250ace50e39892f40e2a12b161883158dfb9d1088df95e47be2c4b2c8898a0e0a873
-
Filesize
996B
MD5461b4ca9e69b061a7401329b7c23107a
SHA15f6c3314db14db899470205c28091ac6d1754429
SHA256feaa4b79b8863364382a09463687b6ea35305a1b2013544ad33e4a9c95c2ae20
SHA512ea3b82e965b625a2661eeb8ae13c3e9caaf4342b5857ac424e024ebe5cbf6a1855d423cd899b1dc72b86c7c4a92f38a05cb1ee42f0e8f26a5d9be9a99b3eae28
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB