Overview

overview

10

Static

static

10

JaffaCakes...e4.exe

windows7-x64

10

JaffaCakes...e4.exe

windows10-2004-x64

10

Resubmissions

13-01-2025 01:00

250113-bc1exsxqcw 10

09-01-2025 18:15

250109-wwd19aypdj 10

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2025 18:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_ced708f928aa491a32b37ec480e183e4.exe

  • Size

    1.7MB

  • MD5

    ced708f928aa491a32b37ec480e183e4

  • SHA1

    1a46894c58d11c280ed030b95ac718212e981de2

  • SHA256

    b24c714a278ed88180aaace10ef9ff8827e7303442bf78da57e452bc00e4fe52

  • SHA512

    f36ed37c604e696307a2a4614697cf0e8f770f3062eba4819bc4e70ecf4f78d096f96cee5e744329c6e7d61b65ecc0bf88716a1e7d864824f620f1084ca1f5d2

  • SSDEEP

    49152:IohZwvj2SxBlC35eBTr6e3irsu2YArYKVxjb:Avj2E4J2Tr6e3iwu2b0Kv

Score
10/10
stormkittystealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • Deletes itself 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ced708f928aa491a32b37ec480e183e4.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ced708f928aa491a32b37ec480e183e4.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpB79C.tmp.bat
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2296
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:2528
        • C:\Windows\system32\taskkill.exe
          TaskKill /F /IM 2844
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2932
        • C:\Windows\system32\timeout.exe
          Timeout /T 2 /Nobreak
          3⤵
          • Delays execution with timeout.exe
          PID:2584

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmpB79C.tmp.bat
      Filesize

      213B

      MD5

      8ccbf541e0499f7253aff6e13cfe6482

      SHA1

      c91aaec3f2f324c6d8d8d749ee7b656b3541987b

      SHA256

      a0dfd75f30d54ff60fb4870383975b063f3486c073cd06b8813005eddfd1bef9

      SHA512

      48c3d6cb743b47ecac83bb408e50b756ea6f6f9182c7cb338e06455ca48dcc15f1045c954618e16f77256c7a037b4455410f84aeb96d453bb5077c8822ac90b2

      Download Submit

    • memory/2844-0-0x000007FEF5CC3000-0x000007FEF5CC4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2844-1-0x0000000000B90000-0x0000000000D48000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2844-2-0x000007FEF5CC0000-0x000007FEF66AC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2844-3-0x000007FEF5CC3000-0x000007FEF5CC4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2844-4-0x000007FEF5CC0000-0x000007FEF66AC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2844-7-0x000007FEF5CC0000-0x000007FEF66AC000-memory.dmp

      Filesize

      9.9MB

      Download