Analysis
-
max time kernel
141s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-01-2025 22:26
General
-
Target
JaffaCakes118_39b409deba11be2e60e03ea0b4b388b6.exe
-
Size
179KB
-
MD5
39b409deba11be2e60e03ea0b4b388b6
-
SHA1
6c0c1f3c34c55553e2729e08ab9659e8e68d69dd
-
SHA256
ea1480c57b5a0446eea8da2bbfff2a5ae83c1895b6b2c7510e6e2fd3febe6ebe
-
SHA512
2fd3fed4972ef4eff9e397148d7ffe52e59b72722701649e10ce962d3b99e67b9d989a3ff1e8e0946e012b0a805ab6141d3b4f7c187dd7eb85b9ded163781748
-
SSDEEP
3072:nIEPUhTHlf1fHFbqTRKm/n9faA0Wjq8F/grclX3Ad6JVoJHBo1wn+/o0q+:TMR7BqTd/9F0WW8erclgdWFK+QD+
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 5 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 8 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39b409deba11be2e60e03ea0b4b388b6.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39b409deba11be2e60e03ea0b4b388b6.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39b409deba11be2e60e03ea0b4b388b6.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39b409deba11be2e60e03ea0b4b388b6.exe startC:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe%C:\Users\Admin\AppData\Roaming\Microsoft2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39b409deba11be2e60e03ea0b4b388b6.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39b409deba11be2e60e03ea0b4b388b6.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD54fcbbdc205862ba79ecbdcade317a24f
SHA1935e202dc41eb1570cc3c3997870fe415dbe172d
SHA256a67b7f1b45d6e1cc977b7541f6f69f3be7cc5a829d1e5c7eb89d559155561806
SHA512c3d213446f7a3d4213d444a81fb055a6e09a4b307edadb69cb816619b3ae8b0031890b3d57fc7931cb87395fd92996385e9e82e9e501680da3580cbe50e9c275
-
Filesize
600B
MD5100196f3cb7a800a0d2473a88e1b4fe0
SHA123b31d80bdda3b5d103d6d057a589f1ae83b46e6
SHA2567870f398532bf0e1a56db69dcda5218e46d3bbfc3b1e96a78edf251e84f60b98
SHA51257a9afc035f6480ca59e0760cfed1424068a26b0ceeecb4fd83a78613e63a26c97beeada548c37483470d05abd47bd67a78b11d6fe9908243d8634623fdf4ac1
-
Filesize
996B
MD503ae83af69ce1b3f62d80e595e975931
SHA1ae474af2a0c8344f78b525162a245e8c575d79c8
SHA256f6879fb5ad0ce48fd7e31a3e89296f56ce6d5f274e87de1da9bc50059e01335d
SHA5123476101528f53a53f0cdf01576e798c325447f931deff3c53b181e1c552f82ac4bece993df6a1cbaa5d7f3be7b22d235d63a5f74420dbef56907858ede9ba905
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
524KB