Analysis
-
max time kernel
140s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27-01-2025 17:11
General
-
Target
JaffaCakes118_41e9f1f3410db5e4226b9e465582fddc.exe
-
Size
170KB
-
MD5
41e9f1f3410db5e4226b9e465582fddc
-
SHA1
9e445a5220f6a19d300f55a416c2f55ace50a5a5
-
SHA256
4c3ab62582c73b13152d9165653ab4e308276824ee03d484436d0c3de5295d0e
-
SHA512
423d741f9d9e415247146cde9cf372671c02db7a6d5a8fd96a5545e4b6aa2410579c6a397e6b47c6c747efe55b4f8823cec7186ec6405fe390413737702991e9
-
SSDEEP
3072:dPrNKNOnU+1V0jf4QtQq9Pphxq1/+JtmqD5sn4sNCVW3k:dPrNKNmx1V0j3NPdq1mTFYtNr
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 6 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_41e9f1f3410db5e4226b9e465582fddc.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_41e9f1f3410db5e4226b9e465582fddc.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_41e9f1f3410db5e4226b9e465582fddc.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_41e9f1f3410db5e4226b9e465582fddc.exe startC:\Program Files (x86)\LP\9A63\A81.exe%C:\Program Files (x86)\LP\9A632⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_41e9f1f3410db5e4226b9e465582fddc.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_41e9f1f3410db5e4226b9e465582fddc.exe startC:\Program Files (x86)\D36BB\lvvm.exe%C:\Program Files (x86)\D36BB2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD57200bfcff773ae04651b33bf0d1acfe2
SHA10c81e23345b75cfc483547155815fd510270b12a
SHA2566d8c88549dc57b05522b7b2b2cb11e42c06f1f682cd625a1a63f8e362c01d834
SHA512f5a9e667a45db9733665f8bd8e5f21c1bcfb3fa33810268687ddad0820c45bb40856b4b36ad7d9df12c87a1094d7c2c9a651e68588feb877537039806982a743
-
Filesize
600B
MD5e3cfaa93de70ce933c78c0f2a3abe209
SHA184fc979abc7d186f030a57bdfd710bc72247c130
SHA2567cabda6f8fd6daf3bc5b8474c3e20e6511f274b0bfab62b232560e96924cde80
SHA512a7c972e398e79005cc8e1f1dd47b139773e6e5bb0a1107930017461746869d9823e5a897317b0f8bdf4614d5efa2eb3883481c67e22acfd19fc45c12a4409589
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
568KB
-
Filesize
568KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB