Analysis

  • max time kernel
    136s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/07/2024, 17:43

General

  • Target

    3a224c1b6e089933b4d1a4441f15f16b_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    3a224c1b6e089933b4d1a4441f15f16b

  • SHA1

    e0d65d5fbf08ddc5ea527f90b9a7c8acad4c2b11

  • SHA256

    46503c60b0720c795d1aa9bd3fb4e8ac1a0bbe5c777bfb2ba07042156c67816b

  • SHA512

    58ac30bbcc68f7fa5244bc05783167a9e6ba7cd50a74747e707ecbd33f8bbdaf32e557cc1c38483d9ac5b52c5f5cc0ed2023d87c8f61ffb925ea98cf615a64c5

  • SSDEEP

    24576:cWBX7mPYy2gFCfkMEWk9sDfOQW7Hg7bUU89RLbnq9SyK9BOff:cWx78RFcoOD2QMKUPLbnq9SjBI

Score
7/10
upx

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a224c1b6e089933b4d1a4441f15f16b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3a224c1b6e089933b4d1a4441f15f16b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.34cf.com/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4484
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb7d646f8,0x7ffbb7d64708,0x7ffbb7d64718
        3⤵
          PID:1960
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
          3⤵
            PID:4372
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1220
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
            3⤵
              PID:3092
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              3⤵
                PID:5096
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
                3⤵
                  PID:400
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
                  3⤵
                    PID:4876
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1768
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                    3⤵
                      PID:4084
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                      3⤵
                        PID:4152
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
                        3⤵
                          PID:4472
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                          3⤵
                            PID:1456
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12188411067486531128,6770758096933480832,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4072 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:516
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:748
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1768

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                  MD5

                                  3ee50fb26a9d3f096c47ff8696c24321

                                  SHA1

                                  a8c83e798d2a8b31fec0820560525e80dfa4fe66

                                  SHA256

                                  d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

                                  SHA512

                                  479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                  MD5

                                  eaaad45aced1889a90a8aa4c39f92659

                                  SHA1

                                  5c0130d9e8d1a64c97924090d9a5258b8a31b83c

                                  SHA256

                                  5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

                                  SHA512

                                  0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  72B

                                  MD5

                                  a67a4018384f317706557f29b4b2f572

                                  SHA1

                                  2956b3871ee39fd3686be0faff93a3e2f451d2ad

                                  SHA256

                                  06383e1d5a04ea8f8d6780e54f5afdd99ac5e78caa18576626e1cd5225a4298a

                                  SHA512

                                  c10f7bfe57efe42d57d1392f3444be6de173047c7aa5fff0ac9aaf44a7df47910b5d483fef6fc13183e637e056db1036b30e64cf22180cd866468835daa40dc7

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  111B

                                  MD5

                                  807419ca9a4734feaf8d8563a003b048

                                  SHA1

                                  a723c7d60a65886ffa068711f1e900ccc85922a6

                                  SHA256

                                  aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                  SHA512

                                  f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  183B

                                  MD5

                                  15490888824a42312252d1e601d76afc

                                  SHA1

                                  5b22531844842a11d83dda5957926f6728f5ed2c

                                  SHA256

                                  4520575747fec5318db4f66bf300d9ff4693e54c25d4499d3ec43c0535744de2

                                  SHA512

                                  4951773c0717eeec1d9d7ecf2c7e8a5f2c27cbbfd5ce94d7dc3a434a43d9d8b88de1095561a687705dfbd183354763f5e98c37664d787c92ea43cc92b3060339

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  bfa561062439d922543cdd4f4cff482e

                                  SHA1

                                  143b41ad885ac5740ce18410e0bebdc73e316713

                                  SHA256

                                  ea6144ffebd651e7d4fd7d2f2e4006041a0ff77c78ab616edbd0bbfcd985b8aa

                                  SHA512

                                  43cc0c34f09390ade453b3a291fa354e5c5ec28f2c9a21a297caf939b0c8f487a4975b5ff28c973c04207d4531a60bd04ee93829365814285d6a77e175acc8b8

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  afedec891f0908029c6f23bf9a4f8c89

                                  SHA1

                                  1a8e4d0a57f1b9cf5f8ea1d4d66b13873c8a884d

                                  SHA256

                                  c0d2c7e7fa43dab40696394c6f6f871327244961f11576b644677e3560cc9903

                                  SHA512

                                  14126ceeca6ae0370e90be3e64ca7976d1909f1f5444523a1e387aad28b558a50c4133eac92a115c3de5c875ddeceb4b2eeb0ca365180e1f43f1a280228b2ed1

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  11KB

                                  MD5

                                  b33840ffb284e073b618449801b27e44

                                  SHA1

                                  9eab8164f03a685b76976fc190a002bd9314123b

                                  SHA256

                                  630104ab25bb701094f74c8233daf40938b3c7973f87daf7c955010cec92cee6

                                  SHA512

                                  c12752f244ba0bdb4e003d94146b865f8012723b6a538c43c53440826fbe8f1a02094b3c808ba556583036981a47388fd78ade79c3e20185398c6db68a6089d0

                                • C:\Windows\SysWOW64\SkinH_EL.dll

                                  Filesize

                                  86KB

                                  MD5

                                  147127382e001f495d1842ee7a9e7912

                                  SHA1

                                  92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

                                  SHA256

                                  edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

                                  SHA512

                                  97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

                                • memory/2136-6-0x0000000010009000-0x000000001000A000-memory.dmp

                                  Filesize

                                  4KB

                                • memory/2136-9-0x0000000010000000-0x000000001003D000-memory.dmp

                                  Filesize

                                  244KB

                                • memory/2136-8-0x0000000010000000-0x000000001003D000-memory.dmp

                                  Filesize

                                  244KB

                                • memory/2136-7-0x0000000010000000-0x000000001003D000-memory.dmp

                                  Filesize

                                  244KB

                                • memory/2136-4-0x0000000010000000-0x000000001003D000-memory.dmp

                                  Filesize

                                  244KB