Analysis
-
max time kernel
140s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
17-01-2025 20:29
General
-
Target
JaffaCakes118_96977cff64d6d4f4d9269f5d876ee8a1.exe
-
Size
181KB
-
MD5
96977cff64d6d4f4d9269f5d876ee8a1
-
SHA1
a3342d71ae672c2a6b0e89a5d1ee959a0499f9e1
-
SHA256
1f82895292fd0f9becfb08bcf6ce3a09799a60d0a81f61160152d35798b2c2e7
-
SHA512
69a9938e7a6fd83f2e842298f377af077a0f6274bc248c11f96509aabf47659296353156cd33e0cf03ad52377d928ace442f25a84e639e15addae9462c983ab7
-
SSDEEP
3072:8YZ1KP0tYNpCv5GUS1z/IZ6+rNALY3bflCtGcKg0I57Inpm92yL5CeO:ectYNpW5GxrIZ6xuj7u7IpByty
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 6 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_96977cff64d6d4f4d9269f5d876ee8a1.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_96977cff64d6d4f4d9269f5d876ee8a1.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_96977cff64d6d4f4d9269f5d876ee8a1.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_96977cff64d6d4f4d9269f5d876ee8a1.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_96977cff64d6d4f4d9269f5d876ee8a1.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_96977cff64d6d4f4d9269f5d876ee8a1.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5c4b76644f8ee71c19ef0ccfa89503ad6
SHA1fe884a3adca1ad2a06b06f95514c828237f5066f
SHA256cbf1acd2366979acc9f1bec97110a4c48d69aadb24b5af9e9eb68bee6af1b6bf
SHA512ae679e15fb40f3bf48e32df0959bf5b9a7158dc30dca31c302c214e6838f6694371e92a7dd44fe0821e188749ce6321c898d27d0a097954512707d53f268ec7a
-
Filesize
600B
MD595b0b911d18df6f164c7a0fd3870c68e
SHA1e18b101eb704803a44cbc178284b798c56d4246e
SHA256e48859316703dbbbfb32e3602a8d29f6d21132984b67f47f94c957f899d52fec
SHA512cc3f27b3ecb31badb41acd17871363bf90cd34bbeaa0d0659563e42aebf0916e093bc32b51b2c3c1dab4d250c5632f26376b4dc22328cf89db775bb6816fc11e
-
Filesize
996B
MD59c60b74aa5722f9dd889e112b789889c
SHA12eb5254a45a0a79ca247e7a88ca7eeb7e16ffbfc
SHA256c581b0a3377b91a8c6898a285b11281196a429dc0ce059a7607db305a75330d3
SHA51276d7c7d41ffc6ca477a652bf82f68935e759924b1aa63f7d0c12e919d4e6baa2437b03815db0cef0ba7f67e105e83fa5e20101027ca6be79df095f34dff2dda4
-
Filesize
300KB
-
Filesize
300KB
-
Filesize
300KB
-
Filesize
300KB
-
Filesize
300KB
-
Filesize
300KB
-
Filesize
300KB
-
Filesize
300KB
-
Filesize
300KB
-
Filesize
300KB