Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

66bffe0de6...18.apk

windows10-1703-x64

3

Resubmissions

23/07/2024, 13:29

240723-qrc1havgrh 3

23/07/2024, 07:59

240723-jvtdbsvhqc 8

Analysis

  • max time kernel
    112s
  • max time network
    84s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23/07/2024, 13:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66bffe0de65f2bdf16a85ebe3153c261_JaffaCakes118.apk

  • Size

    2.3MB

  • MD5

    66bffe0de65f2bdf16a85ebe3153c261

  • SHA1

    7e11e1a6c35218610a27b1a2a5e04258146fc0c9

  • SHA256

    611034244742e3dd88bdfca6c43d8b40454509873e81bb25572265aac5f8699c

  • SHA512

    86c98ef137cd10baa8b792ce4b939d3817b5c52947cea2155c627f2b065c11541962fd8ad40c222fd5b22470fd641032a87878b17790f68d722a913816df9730

  • SSDEEP

    49152:DtkpnQ6qYqCo3+NzMFVI/ij1PSs43H3vf+Gg:1b+1O433HfPg

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 14 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\66bffe0de65f2bdf16a85ebe3153c261_JaffaCakes118.apk
    1⤵
    • Modifies registry class
    PID:2168
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4464
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\66bffe0de65f2bdf16a85ebe3153c261_JaffaCakes118.apk"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4776
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\66bffe0de65f2bdf16a85ebe3153c261_JaffaCakes118.apk
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2588
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2588.0.107521788\1434966181" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {562aa19d-e187-40b2-a9b8-a45fa0c2d90b} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 1796 1d0c15d7b58 gpu
          4⤵
            PID:4492
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2588.1.554447968\749689787" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 21628 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4421038-4dd6-469c-a38b-3791d5fc72f0} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 2172 1d0b636ee58 socket
            4⤵
              PID:1812
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2588.2.498644263\1573869621" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 2688 -prefsLen 21731 -prefMapSize 233414 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {567671c9-b981-42ae-91e7-81ab1ab77501} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 3088 1d0c1568758 tab
              4⤵
                PID:3684
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2588.3.1000296823\1518612295" -childID 2 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d16d986-363b-477d-83e7-29926bea7642} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 3520 1d0b6363558 tab
                4⤵
                  PID:4624
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2588.4.1114203383\44938780" -childID 3 -isForBrowser -prefsHandle 4540 -prefMapHandle 4556 -prefsLen 26370 -prefMapSize 233414 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {502c59a6-20fd-4cc7-adab-c73ea0e8b1ec} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 4532 1d0c7c9c058 tab
                  4⤵
                    PID:3432
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2588.5.802536289\901659347" -childID 4 -isForBrowser -prefsHandle 4780 -prefMapHandle 4472 -prefsLen 26370 -prefMapSize 233414 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {daed296d-bfc1-4cce-89c7-21a81d0509ed} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 4912 1d0c7c9b158 tab
                    4⤵
                      PID:908
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2588.6.1408483655\908123555" -childID 5 -isForBrowser -prefsHandle 5108 -prefMapHandle 5112 -prefsLen 26370 -prefMapSize 233414 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea6c8b61-b1c5-4d0f-9c7a-bd13ff989be2} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 5004 1d0c7c9c958 tab
                      4⤵
                        PID:2044
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\66bffe0de65f2bdf16a85ebe3153c261_JaffaCakes118.apk
                  1⤵
                    PID:5024
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\66bffe0de65f2bdf16a85ebe3153c261_JaffaCakes118.apk
                      2⤵
                      • Checks processor information in registry
                      PID:1584
                  • C:\Windows\System32\rundll32.exe
                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    1⤵
                      PID:4392
                    • C:\Windows\system32\OpenWith.exe
                      C:\Windows\system32\OpenWith.exe -Embedding
                      1⤵
                      • Modifies registry class
                      • Suspicious behavior: GetForegroundWindowSpam
                      • Suspicious use of SetWindowsHookEx
                      PID:4104
                      • C:\Windows\system32\NOTEPAD.EXE
                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\66bffe0de65f2bdf16a85ebe3153c261_JaffaCakes118.apk
                        2⤵
                        • Opens file in notepad (likely ransom note)
                        PID:4500
                    • C:\Windows\system32\NOTEPAD.EXE
                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\66bffe0de65f2bdf16a85ebe3153c261_JaffaCakes118.apk
                      1⤵
                      • Opens file in notepad (likely ransom note)
                      PID:2800

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      23KB

                      MD5

                      eff3c4ec5cf3026117dae3d15b912445

                      SHA1

                      3b4bd35c12826b586306bacd776630b78f536d6c

                      SHA256

                      a111f9e62ab559c1d2a1c3e1508652f760e11eb5744ac2638a66b45c1c24413a

                      SHA512

                      130f1e8f0e3b8c489f09fec60a38c4c916ce41ffef46d6ab1029b6d1481a789c290699754d9d540d79b35a0e44a3bedfee9fa584e59547056233db8bc0fcc3f7

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                      Filesize

                      7KB

                      MD5

                      c460716b62456449360b23cf5663f275

                      SHA1

                      06573a83d88286153066bae7062cc9300e567d92

                      SHA256

                      0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

                      SHA512

                      476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      2KB

                      MD5

                      73c45228af101f3706f52aaab7bc93b8

                      SHA1

                      812e6c1a1f388f2bba06a4da142c4a82f703a371

                      SHA256

                      21c9e98a389326db7fff050941ce6fd416631a1ffdbd9fbade11c9bf19c68814

                      SHA512

                      fa3a77552dff52cba2dbdb79ab1ce2ee941e3b04707b7f01fc6981bd6feb14825813887cb5ee2ef984fdb25e5e6fb5c27b8b57887947eba399fc58de17d3e73e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\5e999a2a-ed28-4377-b971-abb2271784bc
                      Filesize

                      11KB

                      MD5

                      4812a333cc23a04a326d621180a5c706

                      SHA1

                      9465e8a1ef23a7a0bbf782dacd971a9c9df784e7

                      SHA256

                      f6574ef8c8bca399da53658a67421c4767c31550864f43f7dc89ea6146b3785c

                      SHA512

                      dca186159b4390ae052b7686aa65f2d68b75c820b1dc4bf1a364076615dac57973535ce589b22fe5b21b1a576a438a5c3132c45b882f4a715488ab1a604c98c1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\802c8c9b-5b1a-4258-a83f-e5e56e9064f7
                      Filesize

                      746B

                      MD5

                      b9b5dd75422f1671c97f23fe1f8bcca9

                      SHA1

                      a02919f4e0802f4c401ae86d812f4149add5be0a

                      SHA256

                      5f3aac9d91db515765a9ffdc346dfb80716c84815384b801a4fa63085efc0cca

                      SHA512

                      12c16248e0152830dff0c3fdea2c17a266b15d4989c6641a4f9861ce56838fdff1b42afb85729f58caa4eb31f4a1c8f4fa7d9997a68e39cd30c828082e6bea11

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      c44e30b1b786e4a1cb0daf5ce048b768

                      SHA1

                      7898a12189bbc51d3357594d30358f63d4b93a02

                      SHA256

                      f0a5f9a90fe2f9adb4534f26dc25882252006bf35f48208b7a81ccaf6a649211

                      SHA512

                      23b1ad1fcf1cbea6483778cb85bc049c6c53f9469f903cf9f371071df503c707ece599f8e6465089c055a0eb15108e4465e5ad14b26863a2db5453f4f3340d49

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      33f139c8c931b9ddf3f588a9e6e0dfe6

                      SHA1

                      817c6967d052ae68042f367fffbac9721d0fd311

                      SHA256

                      6c12bb4cb2f677cd372a1404ac3e01ebd2902f0b8c4b37f32f240e1aec3d65ba

                      SHA512

                      cc1613fe1820c3bcbec5e4b49e489a8b0978eb12716a8cd6a0385332e071e9b0d1fd4c774bd3d8cd909a77e69156d335adceed967d4ff57a1d478af8275edf71

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      4b1872803172c114b7e022af9e6535d3

                      SHA1

                      3d3bd9726fad62648c0594d694615a6282dd7603

                      SHA256

                      ab1ec825c2848b43077c27745ff16eb172f8f6e29bf67057ba356a300bb5c0fb

                      SHA512

                      2e7e8409c3f20ce2bc35a4dc983451efa8d4ff5774cacc77b5074101945bdf99f4f4a334b54b40dc69ac82ab56214908ba8a9a59ad34a4e52271f9b25c1594e1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      97219eab4de0e4acb3ff16fe361d9a94

                      SHA1

                      c22185dee6e720e01fdaddf6298106ca208e32f7

                      SHA256

                      922b4a2724d2e21b286b0d1259c26f75e0f348d0434c3d0bf7c98afbd01c061a

                      SHA512

                      3c4bd7aa9a33c214856e0f50ca7f049e33487b5c36a30ead8dd38de936f80e8817530561e83e782003ea3db2704ada7c19fc846315d606b4f2b60a9027b695c1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      3e15861f95e5011a8a1b8026464c8878

                      SHA1

                      00cddf9048694da78965242341c10de7d82f35ae

                      SHA256

                      3cd85d9e3542a13c46d480b0fd17356503fe5937abc1f904ec5e666697101aa8

                      SHA512

                      7a15698eab4580574e98b8ca3af30f48a589a69d737eadf973611a99733c27d33fa095e5c45cc1137ff593c82a066aa3a21e266d85526e26bde49e085e79c639

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1003B

                      MD5

                      8475af114500c169916585af2e25ba5e

                      SHA1

                      49589c424aa85ee41be6529b7eda906e4df0f801

                      SHA256

                      cbd3b5cde50c53db84b50a897b9ba14377d9efa45598e92050644eb14ad8bad6

                      SHA512

                      3628c815848db2d9dadaaaf9e8eecc4bed662afd9914165f9885f4f62c488d590de2ed0959d78632584ec0b17be835473a46fd500d063358f1dac295c5aa18f1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      184KB

                      MD5

                      39f0bea834d0094083b500e2121e8a82

                      SHA1

                      dfa890b6f83129dd77b5430c73662b2db283cd51

                      SHA256

                      c8c7ade6a58bddee210b2c77a6da3d1aa371eb4532cb7f3eb1e17cf573b4388f

                      SHA512

                      204ac9278a9029132e4b5035787fbf12dd1cd088d10d7b95575c429f290818acb7cc28c5d5bb310f76470ee44763300001dfec1641942129dd25c9d55f8b9ca4

                      Download Submit

                    • C:\Users\Admin\Downloads\spKCTQoQ.apk.part
                      Filesize

                      2.3MB

                      MD5

                      66bffe0de65f2bdf16a85ebe3153c261

                      SHA1

                      7e11e1a6c35218610a27b1a2a5e04258146fc0c9

                      SHA256

                      611034244742e3dd88bdfca6c43d8b40454509873e81bb25572265aac5f8699c

                      SHA512

                      86c98ef137cd10baa8b792ce4b939d3817b5c52947cea2155c627f2b065c11541962fd8ad40c222fd5b22470fd641032a87878b17790f68d722a913816df9730

                      Download Submit