Analysis

  • max time kernel
    105s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/07/2025, 17:32

General

  • Target

    JaffaCakes118_1c70559dbdd68a5989d6cf1d9e2cbdec.exe

  • Size

    629KB

  • MD5

    1c70559dbdd68a5989d6cf1d9e2cbdec

  • SHA1

    63d77596329adbac4fac4e948960f6d9ae1b0b4a

  • SHA256

    9795982ab78e29ee900f7c46d62d5e5b51b3814a4200e136ecc01a3d6d072db6

  • SHA512

    92339e77ca81fcaf343a20e522165dc3fe7b1fabc118ca2ba5191a793f29c6b569cd7afddfb49032f56b45e9836375be48670be174885fb8b3b19b69bb62de7d

  • SSDEEP

    12288:pE3Y2jjm7PhomZQEuS7DOyLdmdHgB0130KxOu8V+CKtWJeWu9V2v/mPnN5N6:pEBghhuS76y4dsRKNDCKtWJer17N6

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c70559dbdd68a5989d6cf1d9e2cbdec.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c70559dbdd68a5989d6cf1d9e2cbdec.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:388
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 2648
      2⤵
      • Program crash
      PID:3484
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 388 -ip 388
    1⤵
      PID:2336

Network

MITRE ATT&CK Enterprise v16

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsm7EE6.tmp\DownloadACC.dll

    Filesize
    224KB

    MD5
    dbfaba3a1329a0925530482cfd700b21

    SHA1
    a6a8e5000c16ba28bea645bb456c101ca19e0a70

    SHA256
    45289f096984e9af391cbe7b907866f25fbe9a419bd70e435d7ef041aefb7b9f

    SHA512
    6bd296185dbf0aef232fa9f96d7377fd6f93dd6ccbd97ee3285732c0a897ba5ec60531845e538102fabc0cd5f7fad0c6f32f79ae88875aba58b5e52a4a3f983c

  • C:\Users\Admin\AppData\Local\Temp\nsm7EE6.tmp\System.dll

    Filesize
    17KB

    MD5
    62008374a494afeea2ee2ae9eee4c8c0

    SHA1
    94808fcf0748c437f4d7ffa4d540e054cb014fab

    SHA256
    9c4affddfa97b268b07c00ac28a2fe617dda806bf55088ccf348da149ee76c1a

    SHA512
    f584ed647b69ff8ff80450be8f0b267ebb3c97826dbf01d078165ea94b43afd1f00fc58b91d9e8f4d78465d70312c1b1a6ac66583ebdc009b0ce471a6cf149a0

  • C:\Users\Admin\AppData\Local\Temp\nsm7EE6.tmp\webapphost.dll

    Filesize
    1.1MB

    MD5
    6482716b29a424ade699f29560302f5d

    SHA1
    4d56bac748e72ce98405a7509c2bb33efe06af59

    SHA256
    72e73c6a03f37c7cad227b5940d9189a63a8729ef6199ffc068f7dc234ad583f

    SHA512
    6c58c0e347d772e403ace72a644f395e7918907374fc557970aa617df823823427f8905bed819ac04c25d5280662c7c26e999931ea51800f8ee9f55c9b64f60d
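The hashes above are only useful if they can be checked against a host. The following is an added example, not part of the sandbox report or of the sample: a small Python sweep that hashes every file under a directory (by default %TEMP%, or a path given on the command line), reports any file whose SHA-256 matches one of the four artifacts listed on this page, and separately flags directories named in the NSIS plug-in staging pattern (ns<letter><4 hex>.tmp, of which nsm7EE6.tmp above is one instance). The sample file and its contents used in the usage note are constructed; the target path is an assumption.

```python
import hashlib
import os
import re
from dataclasses import dataclass

# SHA-256 indicators copied from the report above (the submitted sample plus
# the three DLLs dropped into the NSIS staging directory), keyed by digest.
REPORT_IOCS = {
    "9795982ab78e29ee900f7c46d62d5e5b51b3814a4200e136ecc01a3d6d072db6":
        "JaffaCakes118_1c70559dbdd68a5989d6cf1d9e2cbdec.exe",
    "45289f096984e9af391cbe7b907866f25fbe9a419bd70e435d7ef041aefb7b9f":
        "DownloadACC.dll",
    "9c4affddfa97b268b07c00ac28a2fe617dda806bf55088ccf348da149ee76c1a":
        "System.dll",
    "72e73c6a03f37c7cad227b5940d9189a63a8729ef6199ffc068f7dc234ad583f":
        "webapphost.dll",
}

# NSIS unpacks plug-ins into %TEMP%\ns<letter><4 hex>.tmp (nsm7EE6.tmp above).
NSIS_STAGING_DIR = re.compile(r"^ns[a-z][0-9a-f]{4}\.tmp$", re.IGNORECASE)


@dataclass(frozen=True)
class Match:
    path: str
    sha256: str   # empty string for a directory-name hit
    label: str    # report artifact name, or "nsis-staging-dir"


def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests, reading the file once."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def sweep(root, iocs=REPORT_IOCS):
    """Walk `root`; return Match entries for IOC hash hits and NSIS staging dirs."""
    matches = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if NSIS_STAGING_DIR.match(os.path.basename(dirpath)):
            matches.append(Match(dirpath, "", "nsis-staging-dir"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                _md5, _sha1, sha256 = hash_file(path)
            except OSError:
                continue   # locked or unreadable; skip rather than abort the sweep
            if sha256 in iocs:
                matches.append(Match(path, sha256, iocs[sha256]))
    return matches


if __name__ == "__main__":
    import sys
    # Assumed usage: python sweep.py [directory]; defaults to %TEMP% on Windows.
    target = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("TEMP", ".")
    for m in sweep(target):
        print(f"{m.label:20} {m.path}")
```

Two caveats when reading the output. System.dll is the name of the stock NSIS System plug-in that many legitimate installers unpack, so a hit on that hash, or on the staging-directory name alone, is weak evidence on its own; a hit on DownloadACC.dll or webapphost.dll is the one to act on. Exact digests also miss rebuilt or repacked variants of the same installer, which is what the SSDEEP value in the General section is for.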