Analysis
-
max time kernel
140s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
12-01-2025 08:21
General
-
Target
JaffaCakes118_09f0b3a451ae967a9f7001f333e61775.exe
-
Size
174KB
-
MD5
09f0b3a451ae967a9f7001f333e61775
-
SHA1
72ad8b7f2d1d3abb2e8d27c7614eabaeadae5779
-
SHA256
1d9011525891ae7b3d4d93fefece72e4db3d472dd479d95a896f04a355faeff3
-
SHA512
b450fe590695097944944a46e2d11bebbcd4404b827205b8e7bdb0107d3fd9b7570de83205975d56491559a4883d63446947a522e0bcf383b954a122e4ddcaf4
-
SSDEEP
3072:fW0ZO/QFNGawwTXMdqC/XdV1fqc1MxfGZnC4FABexVQZ1s9/cbU:fW0ZpFE9UXKDLi+NCsViu9/u
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 7 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 10 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_09f0b3a451ae967a9f7001f333e61775.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_09f0b3a451ae967a9f7001f333e61775.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_09f0b3a451ae967a9f7001f333e61775.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_09f0b3a451ae967a9f7001f333e61775.exe startC:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe%C:\Users\Admin\AppData\Roaming\Microsoft2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_09f0b3a451ae967a9f7001f333e61775.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_09f0b3a451ae967a9f7001f333e61775.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD58e44ed9068593ffaae9144b20def9687
SHA17ea2c37ed832dc393a03586b0074a835fca6b824
SHA256e7dad52a75da634f30c0d80355877132677af497b77607b51e2ce895bb0bff3e
SHA512deb9fac3b6f1b2c496795aed7dd17b44b9e331635ff7551916a0d73bcad753219de73120c1047c40192c4c6002d249b632ce1d9c7a68fc9460a64b6755efa8a9
-
Filesize
600B
MD5684cf683f7743bed64243d35184c95e3
SHA1587c18203d05e7fb1ccb076d1aad36330d1ed32f
SHA2569b9e509c3e5bbae5bafa1f5a43fb3878ab1e0d53a4673e3d6db3fac016360376
SHA512d281072bda47da8b0b43cc0244888bfcfa5cb67a9e5d5eee563931de6efa0a4982565b130558e9f4ad002ada19253a97c3890525a7f557d2fd2131bc8ccc3826
-
Filesize
996B
MD5d426b8b1ae4cd4b283226fbbf02130c5
SHA1b9df314231b7e6b437691dce154b896091544f1c
SHA256ed547e5dae09489bb3904a794373e608ece19cceddfcebaf8567863cabce0f12
SHA512dac83a298ce26cb865c2430bb47c8bb592e2e9c65f3f5059a922d39f4f438d22cf67b715424ded1c25b50d2a4aaae151b251410147c404f25f4b106c944b6f28
-
Filesize
564KB
-
Filesize
564KB
-
Filesize
564KB
-
Filesize
564KB
-
Filesize
564KB
-
Filesize
564KB
-
Filesize
564KB
-
Filesize
564KB
-
Filesize
564KB
-
Filesize
564KB
-
Filesize
564KB
-
Filesize
564KB