Analysis

  • max time kernel
    17s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/03/2025, 09:17

Errors

Reason
Machine shutdown

General

  • Target

    JaffaCakes118_8a867fad855aa30a54a0d6d5139d6413.exe

  • Size

    156KB

  • MD5

    8a867fad855aa30a54a0d6d5139d6413

  • SHA1

    b6564c213a7d0d8f98b692d62d2a551db8a5266a

  • SHA256

    0d347e55a594bb76b76f5c707d26a4c810a64838673073a47e0537eda1cd2f59

  • SHA512

    746166f9107e694ab0001401874e7cd3100372c881500e604ffaf1a735a44ffcb1449227000d75805f6f2ebbab7533b9d7984960153683409f4f13875ff9d129

  • SSDEEP

    3072:JoGT5p1i7XHgoNRUa5SP9dT8H6//Z7qE8wrwUzERy1vs:S25p1i7dOXr0w8+nls

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 21 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a867fad855aa30a54a0d6d5139d6413.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a867fad855aa30a54a0d6d5139d6413.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2648
  • C:\Windows\system32\dllhost.exe
    C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    1⤵
    • Drops file in Windows directory
    PID:2752
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2692
  • C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchIndexer.exe /Embedding
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Windows\system32\SearchProtocolHost.exe
      "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2876
    • C:\Windows\system32\SearchFilterHost.exe
      "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
      2⤵
      PID:1480
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:1708
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
    PID:2064

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log

    Filesize: 1024KB
    MD5: e0707a7fc169d2dafee527a575942dd4
    SHA1: 9934b6f171208092a010f8b5437a9023a50a489e
    SHA256: 1dad898b201bbca3ba2484872447d1e184522c88178e4da6d9a374920980fb20
    SHA512: 7c863def97ce71dd123070a2d0b63e9787c0e5671f552eced86fac5fdbb082adbf895d94e88b731e48f9ff2de8d7f03a7ade02113e84577eb50c1a638508b23a

  • memory/2556-36-0x0000000002E70000-0x0000000002E80000-memory.dmp

    Filesize: 64KB

  • memory/2556-20-0x0000000002D70000-0x0000000002D80000-memory.dmp

    Filesize: 64KB

  • memory/2556-62-0x0000000004240000-0x0000000004248000-memory.dmp

    Filesize: 32KB

  • memory/2556-63-0x0000000004200000-0x0000000004201000-memory.dmp

    Filesize: 4KB

  • memory/2556-69-0x0000000004200000-0x0000000004208000-memory.dmp

    Filesize: 32KB

  • memory/2556-71-0x00000000041B0000-0x00000000041B1000-memory.dmp

    Filesize: 4KB

  • memory/2556-80-0x0000000004250000-0x0000000004258000-memory.dmp

    Filesize: 32KB

  • memory/2648-0-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize: 316KB

  • memory/2648-2-0x0000000000360000-0x00000000003AF000-memory.dmp

    Filesize: 316KB

  • memory/2648-1-0x0000000000360000-0x00000000003AF000-memory.dmp

    Filesize: 316KB

  • memory/2648-86-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize: 316KB