Overview

overview

3

Static

static

3

3c3b15d033...18.exe

windows7-x64

3

3c3b15d033...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-07-2024 06:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe

  • Size

    45KB

  • MD5

    3c3b15d0338f1a3b27d7695f78544f4b

  • SHA1

    13f6060a369c1b04c55d2a9ae20bfa80f0a84127

  • SHA256

    59f898cc427ef4f3d95272ecdca6e98da3f03594204f27fd7b27c9af66aa26bf

  • SHA512

    39b627b40add3930956a1e65ecd8d4700e5d8ef1248be44df49f309bcd3782f037894bc555f40b7ce14f1fffc9317e54416ddb0ff5be431803dcc058d504b9d0

  • SSDEEP

    768:ahC9qiQF2o8wXGzz1Q1pcM76NUx9B8jUoRCJRWx/3FLAXrar7t5Ahz98x0:n9qiQF2owCGM7J8jXjRAWr8zKx0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.hotmail.com/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3408
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d8a446f8,0x7ff9d8a44708,0x7ff9d8a44718
        3⤵
          PID:2332
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
          3⤵
            PID:1660
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4248
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
            3⤵
              PID:4036
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
              3⤵
                PID:1620
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                3⤵
                  PID:2816
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                  3⤵
                    PID:4980
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
                    3⤵
                      PID:1064
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                      3⤵
                        PID:1364
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
                        3⤵
                          PID:1136
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                          3⤵
                            PID:1020
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                            3⤵
                              PID:1736
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
                              3⤵
                                PID:2760
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
                                3⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4924
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
                                3⤵
                                  PID:1396
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                                  3⤵
                                    PID:4064
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                                    3⤵
                                      PID:756
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                                      3⤵
                                        PID:1472
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4772867535286543050,13790082291463335638,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:3984
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4992
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:4404

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        75c9f57baeefeecd6c184627de951c1e

                                        SHA1

                                        52e0468e13cbfc9f15fc62cc27ce14367a996cff

                                        SHA256

                                        648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

                                        SHA512

                                        c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        10fa19df148444a77ceec60cabd2ce21

                                        SHA1

                                        685b599c497668166ede4945d8885d204fd8d70f

                                        SHA256

                                        c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

                                        SHA512

                                        3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        912B

                                        MD5

                                        f4538aa24be20ce06bd7edf86c77db2d

                                        SHA1

                                        83ce42d960daf0c0997973d71fe525304f4b253d

                                        SHA256

                                        3554c85343c49d83ee27840a6eb24f159544200108bd9a9635d9b6b07c21969b

                                        SHA512

                                        ef11ced34f1816caf1a9ee88a9b0856aed35710ff5e6e93e9422a9bad497d0b6f79401e51892359aa8dd30a446ab05f81cd391eb5c28e9eb03b6a86f2bcc0918

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                        Filesize

                                        1KB

                                        MD5

                                        d6fd934c6047777307f623dd91c46db3

                                        SHA1

                                        6d7127b2887919dbe224d6852700761306ab2e32

                                        SHA256

                                        4303c30690f54920a9cbb0beb7a516d69be0811eee68e4de9e0b73954227fff8

                                        SHA512

                                        fbe4b221e8696a227a6a09e7c379575834df7503c97cdb9794807c771dc8c6d11a5f39b52917acc90f5b62d4f6360088f3489f0b5c655c26704ef7dde667288e

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        5a816665ea59a2faf7b2ed067d0c41c5

                                        SHA1

                                        c431556b9d41b5ea81c57265e5cb32ceca345ec3

                                        SHA256

                                        04a8ae90e4a73d247cab6f31be19939cd4f2a07f14bf6a0010a96a3b02c133a1

                                        SHA512

                                        77f76ad12e4d4f3a0248c38121aaba8684fab139507c03d0293309e687e8ecf990f9798518d33302ac33cce74c838d8e52a550efc8e7a5525e2949a04d8526d2

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        676f38c4f9bf182b97385c3583006915

                                        SHA1

                                        faa77689fb20974bfe27d3117f19185a73943ed9

                                        SHA256

                                        d4884635b17804fdb9eacd0c1b8748833e527d1d40e136cba82b061022b2abf8

                                        SHA512

                                        47d0cd3d8e40660d627f9067d5fbc9644a673755c5e8c3b7b6bab819c5612ab7b1de1fe342a1443e70659e6e042b4ae824c148cb3d896faa823b598f5836b64a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                        Filesize

                                        1KB

                                        MD5

                                        4ae6cc2fde211cf21bbe87563b235b03

                                        SHA1

                                        c52933f10b108525280893f3aa92070222c6e7c9

                                        SHA256

                                        3f10723053bd7ba5b41d0b6bb32ca7d499bf9e74dbfc3a317bee4a5afa1e96be

                                        SHA512

                                        48815ec29b682ecb606742b41f1d88aad0439896834696f948c0f48d468bcc7f9b544f627d765a03a267c7631527c3ba5143ab56f289bf4b1be201a343fdc277

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f666.TMP
                                        Filesize

                                        1KB

                                        MD5

                                        e86a3c11dffd28d29f7cc6731d36237f

                                        SHA1

                                        2b3ba6355be47ce41fa63f48259ebd56ec7016a5

                                        SHA256

                                        bb242d310d6ae3c43ad408889250fef61783ee36247327213672abb184c65365

                                        SHA512

                                        863363c11225f595d4bca8d460d4061deb9279658942049d40dabce43cff97d2ac19640769161091db38fdc6d91af9988839177dfa037c6eb2af6164ffcf3ba8

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                        Filesize

                                        16B

                                        MD5

                                        6752a1d65b201c13b62ea44016eb221f

                                        SHA1

                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                        SHA256

                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                        SHA512

                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        11KB

                                        MD5

                                        cd14f15c7abd23da8c378a401e72ea01

                                        SHA1

                                        7fc24901c80311e4e9b2d753aea150f85516c89f

                                        SHA256

                                        1402de29972e23af466cb5d7c50533d00712f94271005baaa1ff6592413da366

                                        SHA512

                                        a0fe19f7d5fed854a99f849993df1aa0a35734fea1e2bca9da28cb1f5c9cd8f1f2199248db9fffb4cf0bc9431c0c5d714b0fffc7cd5e18edb64a1bdce6d77d6a

                                        Download Submit

                                      • memory/4456-30-0x0000000000400000-0x0000000000411000-memory.dmp

                                        Filesize

                                        68KB

                                        Download