Overview

overview

5

Static

static

3

696e38df61...18.exe

windows7-x64

5

696e38df61...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    139s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-07-2024 23:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    696e38df61b4960698f684fb3386afc3_JaffaCakes118.exe

  • Size

    176KB

  • MD5

    696e38df61b4960698f684fb3386afc3

  • SHA1

    0c21a1c7ae9ab48a608255f41ef0dff320c3975c

  • SHA256

    67c9cada4025ee16d58a06192799fede05e75399e0c2734fdb71b7bd64b2c81f

  • SHA512

    fcded87c163cdbcc9698e0a9b6634d082987e7e75b3c2027b2d672272fcdcd5e7073aeba4d80132f9ff5a330ad44dead2171f4e0a1832de2aa7ef5213cc14a99

  • SSDEEP

    3072:yFoJSSMFa643AQ+yvdPo/IH4YVS2aGiwd6jyZ:tvFdVSdGd6

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\696e38df61b4960698f684fb3386afc3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\696e38df61b4960698f684fb3386afc3_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3896
    • C:\Users\Admin\AppData\Local\Temp\696e38df61b4960698f684fb3386afc3_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\696e38df61b4960698f684fb3386afc3_JaffaCakes118.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=696e38df61b4960698f684fb3386afc3_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:212
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff92b2746f8,0x7ff92b274708,0x7ff92b274718
          4⤵
            PID:1448
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
            4⤵
              PID:776
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:760
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
              4⤵
                PID:2584
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
                4⤵
                  PID:316
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
                  4⤵
                    PID:1712
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
                    4⤵
                      PID:5076
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
                      4⤵
                        PID:3764
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
                        4⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4832
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
                        4⤵
                          PID:2160
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
                          4⤵
                            PID:2416
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
                            4⤵
                              PID:4952
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
                              4⤵
                                PID:3120
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
                                4⤵
                                  PID:4728
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
                                  4⤵
                                    PID:2916
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,390575720793266270,5570667901009898793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
                                    4⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5760
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=696e38df61b4960698f684fb3386afc3_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                                  3⤵
                                    PID:4324
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff92b2746f8,0x7ff92b274708,0x7ff92b274718
                                      4⤵
                                        PID:976
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2736
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2416

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      c00b0d6e0f836dfa596c6df9d3b2f8f2

                                      SHA1

                                      69ad27d9b4502630728f98917f67307e9dd12a30

                                      SHA256

                                      578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

                                      SHA512

                                      0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      54f1b76300ce15e44e5cc1a3947f5ca9

                                      SHA1

                                      c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

                                      SHA256

                                      43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

                                      SHA512

                                      ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      264B

                                      MD5

                                      ef3f0edc1e4468df3c8fbcd40cd7dde5

                                      SHA1

                                      d8e99a0c0c33d6390bb708430f29e39b347b7958

                                      SHA256

                                      962f423d7838a72f8ae5ef8737ef5a884e60c7ce82d1f2775748ee65aa8af07f

                                      SHA512

                                      4744aa030d4d1a14cf672400ef41f07ea0397193259c9685fc6fe1b4126b88d5cd5960ed1fe4e6d10b3ace284a3b7993394959e6d4a815dc13a10bd48aa2e93d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      437B

                                      MD5

                                      05592d6b429a6209d372dba7629ce97c

                                      SHA1

                                      b4d45e956e3ec9651d4e1e045b887c7ccbdde326

                                      SHA256

                                      3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

                                      SHA512

                                      caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      0ba2b993dbdb975be95ad968a60d0592

                                      SHA1

                                      0430f1b1cdc0a9a1d511f3cb90978ee4b298405d

                                      SHA256

                                      96dd380b1aec4e56a01d44bd19f7ff9ca9e818600a08fe08423b61a792ce46f7

                                      SHA512

                                      a2336cd755c6b404644c12834d5971cc7546959f4ebe3ee78286b8ae99cc462d87b9fc9e72267f60c04205904acf1a342fde15e35bc5bdfb04d37cfead6cf7e4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      314834b12f146726fdd03488df0174bd

                                      SHA1

                                      d29c439b59a8e9cc8568c06189f35fd1941bfcf5

                                      SHA256

                                      9e6f19b8f727c39bc07108a1cd3ed4a0576ed2fbbe5c3809dad4ea60663cca7e

                                      SHA512

                                      6f3fb82abcea0e3ca85dd1e5351448899c948bcbf82f86d958c8e79b18d72416de5718a7d49de8cd632dc114e6bf06b05dcbb8b6862c9bb970c23db33a91e6d0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      755fb1109d66a4440b93b16629f2348d

                                      SHA1

                                      f0fca5bf194e4ccf662c1474e59dfff1e52f0d0c

                                      SHA256

                                      a4a17db2b2b55bf2468efb75357997bb6faa7d3ff15237d607d7a221b93ebb4d

                                      SHA512

                                      6120da5951b5b3d8f89f95b11ba2e3e886e78fc2f3d14ba41de199b213b77baa913362cd4f92ab8cf8abea1b321f24961c0128c8da07580264d26ffc2d98f586

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      371B

                                      MD5

                                      1eb3a1421f0592568f2563f95a15d9e8

                                      SHA1

                                      094e63d6fa1abcedf6f89c2cfcf28507f220c660

                                      SHA256

                                      b210b751e9d3b7633d029f2747c5c0b56d0a6c04905ef2b9e79ed16c43e51c09

                                      SHA512

                                      e82aab9570383aa570b07105f691160b83d1997fbabbe7c4775144e99d2fb71da6a71d2ab252d623bbbd919115d9f03829dcd3f529ba51a10dbd769327868ba8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d2a.TMP
                                      Filesize

                                      371B

                                      MD5

                                      35746b710921ce844db3cd2fab78850c

                                      SHA1

                                      77ea95b10f199af9bca342bc8c6f912dec9bde35

                                      SHA256

                                      01078f012487fce26e11f1112ff81d81058a75df2b3f8641c90f80ddecb2d4a4

                                      SHA512

                                      280521d5379c4a9688f78f2d72aaf95cf9241e789aaca70edcad514ed79f9cc36bc661895fa15db9bf413df7cd616451f11455647f0d31b733764809b983b115

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      6d0623327d516898f237f88043112b37

                                      SHA1

                                      57704648a648c075fbcc740bec660f0475e2ca2e

                                      SHA256

                                      35eced273e33f19d32c5ea9e00cdedc5fd5fd002ec8060278527d9a5b48a0ab3

                                      SHA512

                                      3484c7a9c02515257f3dcc437cd6782cb56a66ed29ce12663b27e313292070042026c67a32916b018541ab8c1dc079450f60e2a2c5efa8d90e97e9a692112128

                                      Download Submit

                                    • memory/2752-2-0x0000000000400000-0x000000000040C000-memory.dmp

                                      Filesize

                                      48KB

                                      Download