Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/08/2024, 19:29
General
-
Target
ac46e4a688d58b5be9a27a016ad6f56e_JaffaCakes118.exe
-
Size
141KB
-
MD5
ac46e4a688d58b5be9a27a016ad6f56e
-
SHA1
0e54a9e1c1103f148c6afd0035c8835e2e4d31a2
-
SHA256
3403bc4e213c4ee33f0d6cde698daa1454e3927cb58807049c500595a0981851
-
SHA512
9b478e78e845cdd5f96536cd32600c18707ed9db394916ffb5564d44f771526e9110476d5dd038fe6f463faa06a9c22bd316e0ae6e29df13736566d6671e3881
-
SSDEEP
1536:bWX5quD9MYAbkMTOI9d9SJPKaVJH/u3hwRxJMBwgrL11lBnwTEuD6P3R3u3pLDlG:bWX9DObUSSZKhcMbVBwTEuOPhe9Ick3
Malware Config
Signatures
-
ASPack v2.12-2.42 1 IoCs
Detects executables packed with ASPack v2.12-2.42
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac46e4a688d58b5be9a27a016ad6f56e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ac46e4a688d58b5be9a27a016ad6f56e_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 3882⤵
- Program crash
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=vsd3g0h_vs02⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdba6746f8,0x7ffdba674708,0x7ffdba6747183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5084 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13880717977890121018,5113544059575567374,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2584 -ip 25841⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x498 0x4701⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
-
Filesize
152B
MD5e4f80e7950cbd3bb11257d2000cb885e
SHA110ac643904d539042d8f7aa4a312b13ec2106035
SHA2561184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA5122b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0
-
Filesize
456B
MD5c2beeb7a90793faafba201a88bb72eec
SHA18e540e74222b8164df830503ab574e51e940de36
SHA25643901d49330ffc65cfe3ac38e493b4c7eac59a225e609c9dd569bf67eeeeb84b
SHA512eea75703dd14520fafa42e7be04f137b5d4aad5ca429ebfeaeb1c3d13ea3a6d3d22e2ad5b6ece35c280af23f68f85dd90ae5065e32e27fbd39a0aa9ad34fd0c0
-
Filesize
2KB
MD5fa5f4b0b3b2396fedf9799c22b33fab0
SHA1536c6d46ea9e7c5abf72ba79408e23b44bfd2dae
SHA25662d7ee6bc85d90784a4f57190c42a66db77d6f97c09d94c719fbe73e8a7c8458
SHA5124508c90307acb0ea48849fc1672b6007f6e02b500362d3a92fade6a71a797c1704478a48502dce1b8d2dedd0a33f6f66303abfd6229848f9239826e308a5839e
-
Filesize
2KB
MD51640663abb0757f63c52f9c3d70ade40
SHA1dbd7758c732b8eb7355c5b88a7ec0097be9743bd
SHA2562dd93ff5033a13ed2ed4bf9f3bf5d5d9a4a55973761fed2683c87961de8644b8
SHA512c145d4fe2d6e8cd2576d0321c09d33270ec799275febeaf7d42f41d19aaca56ffb6aeaf468667db527d1e883981628428673f4ca5404701b1dfc65272ad71d25
-
Filesize
5KB
MD5b2001bc4be33b5ad44764eded7e144a6
SHA16f8ea08f8ee8370a9c0980cf9d02125fa7b81f8c
SHA256e1da861c5ade15aa4de5e8c0952ba11fa7cb6f1e491670499993641d6d974aa3
SHA5126a53f96b3782f44819c36ef38ff616d0df3ab606341d7c5074a923a00a484f1b0b6f2cb6ae79309bf6aadc4a64006164319f7ce26084b240314e1b3ef3307486
-
Filesize
6KB
MD5b6fcbf0112ea32a5fe07003ca37a47f6
SHA131b81abd360e06b1d8aafec01548ccb9d40c4e24
SHA25665b20a3ed341798dd74170e7c2ffc7fc411cee7b3fd11c36eb48141f7962ba7f
SHA5121b37b8a757ab353c7cdbc0f011095f5e7990eaf6cbf02bc0b3ccc686aac7f8ba545794fcf7308e1cc5dec7537f4bd617822f471235f1e006aa1065b414a0fe74
-
Filesize
2KB
MD51a2c72164b408a1c233acc715001ee0f
SHA1ff9baa1e64fd1631c505d556bd4d4fbdf512bf9b
SHA256b1d254ad7502590d44b1bea71af38162c04ab54e402123402239030f6b4e3077
SHA5128f9ffa4ca1eabd22a1831bf2c8babe3c18237858805c6cc294c3b8cd6a6324a4ab067cbaf8585aaa03bb935f54c576a7b3c0aa7cb4af1996eeb2016e4ebc72af
-
Filesize
48B
MD5d002f1bbd17a8767716e61c89eb69fb8
SHA1e8925572b4cd63d6ab53c352048ac7b391ba4e15
SHA25683b3118b42e26670cfd9d34e486a3b9eadd475f5c8a9244fd1d0b6389372226f
SHA512f7b3792959f373ad34926901de6c1e10d4244dd79efecb43b655a1967aae1d723dcf6b4d730fbe2372c25a4295aae716e146d5eac500d69a889725c57e37fb6a
-
Filesize
146B
MD518cd9ccca79f25989c35be001f7aa3b7
SHA1f18b951f76c92766c2869619e7e9d0c29b6f8e6c
SHA256f406a277f43abdfb87963368c10e32c4784814c030df3b0b440cfc14907d4b21
SHA512478bb01fe2ffde89d3e49b5df70af53f5e7302c26c479adede8f5ec353d813ac672de30dc7dcd44423463188ce046ef4f6b56f6dc648fd1d35e98ed7252cb831
-
Filesize
82B
MD570887f2c5f8d2f3d4058c7f3745295e4
SHA17147df1ebe586efe71c1178e5cdd07a9d1b60a89
SHA2563e5fc8bfa8f63f7cf43d7f49ef487e5ec387a2e580bad06ca734ea73203a7032
SHA51266eff195729bd13d8ce5bc7cc2d82cbc757552bb8e309e199a200c66f41386441621fc390f3bf12ae01a0e2f065477a9f2108cd0b560122296447ee37f8b7961
-
Filesize
84B
MD5a1de8ea11adaef9843dacf60aec3cba4
SHA1420c9dac3a87b6e35e2da244ae1c0127986c9e0a
SHA256726307f337c38bdf846c40f534ef1f2779a113fef7f1c6506853791c1e5f3a43
SHA512570923a0156b2e2cbd7e5a42b6e8327a25f10ec9fb0bd7ee6f8f1502b5db8313a99de19d906afc8b825886619800437890a0e037a8cc5f03cd97993e688ff781
-
Filesize
89B
MD57fd57210e133c024bb7a497304b39266
SHA1895f9bac19dbae36bc1010950a9f4f5c0cb8bb02
SHA25687aa95c6dfbb2202e4743117253a7623c46d2958c8db473021bb17465f80fc7c
SHA512344218d092254717b646e77d0fe2b5fa149a2bdaf84d395ccd4ac12c28670ce8150aadf7eb283ba54026caa1f9a62dc8e04408d9fab6fc732514f6e720c94b2e
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
72B
MD50a4b409f8f5610c8b26fd1543e5d4828
SHA15e0e98178a2b92d37277bc96c3b1fc4998107d38
SHA2565cf35f7f96491eae0f5575b14682611f504f57d8947954c3e6e3b3da4fb00815
SHA512ac2f2bb1f535cf1df60ceab29d9cebf43b615a1e52c91b1b706cdf4d576b283c95659ed030ddb8b8752069ebf5d29f038a1cf3e2d7da4f838fcc180a9e2edde8
-
Filesize
48B
MD5615a053f60917a574e2416dd107e50f0
SHA144b45a14daabd22a7eb7550bade1db46668b8d04
SHA256f42103b257b39d0433c246db1df13a38324a3835f5dfd4b8478e88f5ed107669
SHA512dbda5ef9c0b60bbbd442461141f814d9d4cdac758dd7803614cee09799d9263e90315a8d5efe15230a4ee8b20881b829c5b82d806aa08c2c535fbabe97639ee2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5fac47b623f889e0315bcf20289c83f25
SHA13ab6374c4c13f23d0e9c4df723a06e666e4efa4c
SHA256f06f30d5d559e4854867cc768c2bb242d485cff6157e91fe29338196565f101a
SHA51265d8ed4fe7ff392c137eb2160fe8773c9ad1e36bc3a64a4eb7c90f44b5722ebcea5a1e206a16701fb3717755549f47421debc93c4216bb88654aae2ba6d4f87f
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
280KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
280KB
-
Filesize
4KB