Overview

overview

10

Static

static

3

JaffaCakes...04.exe

windows7-x64

10

JaffaCakes...04.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    26-01-2025 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_36f5642aed63bd489989d73594f97004.exe

  • Size

    211KB

  • MD5

    36f5642aed63bd489989d73594f97004

  • SHA1

    cf2a732d268d0a9c6e6afddb98484234b771b7a4

  • SHA256

    46939db3634db384bfa9de3d8abbc41ff0fe5f51e5d64d9f46857ba17db9d242

  • SHA512

    22843c5e4dcc7b244950e8e9d9ecd31ac8ee910d30b961e195765a78bfb679ba62609b35a6b9cb17af8e2d86e6f8cded0b356fe619d8b457c092e94c345c93f1

  • SSDEEP

    6144:VILqZ+2To+fS2UKb9Tc4sUVd6/TlXsKcs4t+HScB:VeqZbT821RAUVdeTlXws4o

Score
10/10
cycbotbackdoordiscoveryratspywarestealerupx

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++..

    backdoorratcycbot
  • Cycbot family
    cycbot
  • Detects Cycbot payload 9 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 2 IoCs
    defense_evasion
  • Modifies Internet Explorer Automatic Crash Recovery 1 TTPs 1 IoCs
  • Modifies Internet Explorer Protected Mode 1 TTPs 1 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_36f5642aed63bd489989d73594f97004.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_36f5642aed63bd489989d73594f97004.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Modifies Internet Explorer Automatic Crash Recovery
    • Modifies Internet Explorer Protected Mode
    • Modifies Internet Explorer Protected Mode Banner
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:2836
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_36f5642aed63bd489989d73594f97004.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_36f5642aed63bd489989d73594f97004.exe startC:\Program Files (x86)\LP\BF80\06D.exe%C:\Program Files (x86)\LP\BF80
      2⤵
        PID:2884
      • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_36f5642aed63bd489989d73594f97004.exe
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_36f5642aed63bd489989d73594f97004.exe startC:\Users\Admin\AppData\Roaming\0C8ED\3F5BF.exe%C:\Users\Admin\AppData\Roaming\0C8ED
        2⤵
          PID:2756
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2304
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2
          2⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1980

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        295e14d56245d1fa10053ecde09ba36f

        SHA1

        87aa04b24940277633b714b47dcd4f30ce48c2a4

        SHA256

        f971cadf0e0a1634dbd06fcdc8dc3ce194d11de9adc404850863ec9776784fc5

        SHA512

        51f03bbfec8b473e81d213aa09ebd9290fbdf1d026f9b89395213911af4bca68564be1a24b33b3500d52ab4bf2dd50b8cd4f0ab9d83338d30153b4ac866c98e4

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        4e57b7c4a847d9a1c556a5e0cb0847db

        SHA1

        4627810c6f13e8c341eb73f1fcdb934ae7cbe9ed

        SHA256

        b7f8f0f7067b9d1e93ea5289b8a1f3bff69babc5d05112aeb93322849a3836fd

        SHA512

        599d05146d08f3dd11cb98fc7f7ab96063c7e5703f8a0fa08aada7c599fbd12f24ca0b2df7aacd16cfcf162e2ed2df0db4ff0afe3a7528f80d9fcf720e10cfc4

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        af7558020344394759c6a294c4a5b6cb

        SHA1

        a8a30e4b5b3feff764b1e87f67f9ea9fcbbf5dbc

        SHA256

        c5ad7461bbe7d76cd5eb55db291033762c8b413217dd3ad9e3e463d8e6a24a2a

        SHA512

        053822790f3deb77b9d45e6a94e2e035e8dfeebd4efb11701ed9868f786670b4d707a252096768160d7200769e1983ec14c1bddeca836d52c0072ded481127d8

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        998c7e889da857538c266245c2f53ee8

        SHA1

        c8fbe9f05b799f473db3ef643b98c43debf47cad

        SHA256

        6c8e708e53d813a9c8593c6d35e08ebb48d21fa4979b5812c3fa73bac09baf0c

        SHA512

        be28f3fb29c103f61c8335f62574018dce815a1c1026341528c8e312699f9e1d962692571d128017e95cef95c318555f8235c190137eb5f05b42d496a4d39134

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        9ec271e6e919f7c1dc05b1a1bd96f58d

        SHA1

        c052b8cf034b4b49d18f8f73d132daa70b04988d

        SHA256

        5a96bce4577c992463e461c3984d17a73e528799c7abf093d224243a0062bef9

        SHA512

        f673c1fc7abd456ff562a3adfd25409531b5ecea7ba3a096bdeb6a9ab52421362ae266d3c6dea4eb9f597fd5b4db17ebc800d5fb8f3c078516f21e9fa1dd3e81

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        017c9a166bbc708c188b8c95fbd6ae81

        SHA1

        804730009c97253dc3566b9db17dccb346debdd6

        SHA256

        da3172eb2cda4055f622fb5e263cc78db1cf6f23970a7b8a64f757416ecaefdd

        SHA512

        fc851d3b258c759cde933bb7867049f554b1e760610077bbc9a3896eeff783e4fa1eec1caba4e815c1ae411f7f4ba70e08d98ba3d95af2b9a31b896da2bb2317

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        ce7e40ab32a8b0a1e62830aef313bb3b

        SHA1

        d102fe6153a84577f7857a3bae4e6cdfae21af68

        SHA256

        ae28279387ba18a627aac9a0760d2537c584b8d8f0687930f6128bd808c967b3

        SHA512

        14f210b71e36308e227909531a9503af0fa1880b5d96b9d582df9f738dc7883d802bd771042f79e8fc0dcb282cafb25f218d903ad0d4138ed2324c468264c4bc

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        0c8421146cd6c8a439cbb5c3e32f204b

        SHA1

        4874586fd87047060d7042e889319900f3a9f529

        SHA256

        b12039f3aa9026218b34510c614c92b455d4150c2c02fac61637c7c9d1848dbd

        SHA512

        4f0e0ed682fc8b92b4c72d014583f387ac3960466377d15a61ae30afb8aa482db4ddb7faf3b30b1702d2871e6ef01b7f65e9a3ac69ed86cab4d12d984eb0a65e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        10818f1cb38a501f66348d4514e60f60

        SHA1

        eaa5878c58c50500b672bbc4ffbd18153137b33b

        SHA256

        99d27b69ecfeb28e324634e2c06484be6e55c76b85f8de75969b0decdc84fdcd

        SHA512

        6c6f6751ba7fb805df66b4cb4d1fa8867b3ab949cfa4e04bd0e08daecb973c0ea7d950f12768632d44caefaa56f9f6ab19aa7dbf04ed0ec26b318b37df785e4c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f8f35ab555ecb6c9f90471a05a1a9124

        SHA1

        867d37b5a839a1a10dd5a65844aaf9b3ae00f19c

        SHA256

        bacec06d5351e3f6cabfba746e4cf9954a0971972860931d58d555f0c58259e2

        SHA512

        100729118750a8a7290ef3f232db9184fd3100aab7476f49aafaa6f0a5239673d68fe337b3fae6c6750c9dbbbe8f792b6e5d070567cfd995b63f49ea8ff37ec0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab9688.tmp
        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar969B.tmp
        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        Download Submit

      • C:\Users\Admin\AppData\Roaming\0C8ED\D937.C8E
        Filesize

        600B

        MD5

        ab17be7b0b3c394bd09186a9a6b2bbef

        SHA1

        2a0660b4cc9ba435d8f7ac1ebcc252334efbe1b1

        SHA256

        5a9dc4d149736a9ce4b438092fe50bc45ae04faab25eddfd435817c2868db7cc

        SHA512

        7a1cd50f8d99000caa9e6bf3ef49b8fdc2a7b2e3ac29151858660e9a0628c044449f6f1bd6023070d197c108a290df1183e26735564edbecbdb2cd66b429f874

        Download Submit

      • C:\Users\Admin\AppData\Roaming\0C8ED\D937.C8E
        Filesize

        1KB

        MD5

        feb2e8759bf75735e1d29b4d1ebfb35c

        SHA1

        885cd4197b3a095bb03f7c0c21bcc7cb0e89f43e

        SHA256

        0e543c8789bb2e46b1967c16fc4b568dd9af3b48e42518c3587e98029980b91e

        SHA512

        391e3e4a572cdd39c6ef54e9656562562677dbdb496b301fc582a41677e9c54ca0cb8eb903a49953e88d5c5fd988aa18f22f85eb3ec9b42a6eebfb267fa482c0

        Download Submit

      • C:\Users\Admin\AppData\Roaming\0C8ED\D937.C8E
        Filesize

        300B

        MD5

        9ac88d304ee19f5e2911be7ac436cc83

        SHA1

        a923f2589ffaa7ce8b24098e91495e13e5a4337e

        SHA256

        2f495daaf4976c334413fe6c9d4dd43c5e8bb52c69039fbc643cc65da2a78215

        SHA512

        e0c79221eea147b1c378aee3b5c7db98b1a121ceafa8c3f685d3ac22f2962423b77f76273d1a700be991dca0b0685f22b7162e6b57cf06ab7f14405131d32819

        Download Submit

      • memory/2756-436-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2756-435-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2836-758-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2836-154-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2836-107-0x00000000028F0000-0x00000000028F2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2836-1-0x0000000000400000-0x000000000045F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/2836-194-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2836-840-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2836-162-0x0000000000400000-0x000000000045F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/2836-861-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2836-1015-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2836-2-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2884-109-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2884-111-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2884-110-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download