Overview

overview

7

Static

static

7

ad75dacb41...18.exe

windows7-x64

7

ad75dacb41...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-08-2024 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe

  • Size

    79KB

  • MD5

    ad75dacb4181fe8165d3956357488324

  • SHA1

    f75f2bffae63af235102bb76dde167d6944a7c3f

  • SHA256

    06f5cd1518655aba2986f6210b7c91b20d7c3b32dd51c764a650088f478a2151

  • SHA512

    8d2058ef0d0085d5b4a435a8a6f9f06bc7633a6597e6eb9e9ddc92bae5f8535af4c0b139ca62fa9717f6c157a352af130bf46bb82db330d8cc35cbe8bbae87ce

  • SSDEEP

    1536:N8C0iWEpRMhmPfRSqxDyLOY4gO8J749PMkR5LipWF7X261Y6u10nouy8H8BeaLCk:F0iW18pjx3T8tkvRhipWFP17outH8BHZ

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.gotomypc.com/members/connectManual.tmpl?ConnectionKey=1185737466-ca7a72c1e2eb3593b15a4f0c4012cb4e&FullDL=true
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:5016
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff86cd246f8,0x7ff86cd24708,0x7ff86cd24718
        3⤵
          PID:116
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
          3⤵
            PID:1900
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1444
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
            3⤵
              PID:3232
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
              3⤵
                PID:400
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                3⤵
                  PID:4392
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
                  3⤵
                    PID:3124
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
                    3⤵
                      PID:3200
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3908
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
                      3⤵
                        PID:4600
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
                        3⤵
                          PID:4740
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                          3⤵
                            PID:3740
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
                            3⤵
                              PID:2220
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,9405667492552156768,2008588051366343963,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2516 /prefetch:2
                              3⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1376
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4292
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4240

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
                              Filesize

                              471B

                              MD5

                              cd70f9ee6afbddb18e7920f8c57c6362

                              SHA1

                              3125e9f15526d718f93572645a4712a39442abac

                              SHA256

                              f4bc4b1b735be48bb55d4a2465df85c97314e1e347c6e8e43e39e197b1aceeea

                              SHA512

                              979d0b5bac76920929d80b4efd142e622ab8aaed2b232959da57313c7cde73e27633677beb0dd8bc1462d114c6e856fe666d6adbab796ceb008f6e8bbb09f37d

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
                              Filesize

                              400B

                              MD5

                              d520d95f7fcd774985d434f82333aa08

                              SHA1

                              c6f42aeeca5e7e2f85fe0179f455e8a717e8464a

                              SHA256

                              c3d30a43481be454bdfdcabfa5cea97d697d377f0d2839af59d6066af355e07f

                              SHA512

                              b983af4327c4fcac1eb9ba4f57d0fde06b354aef4dbb6c5a34727c632926deba94c1925f848f96556a263a830f6cea23c4df18cc14e6dc70c7f2cd9896a70147

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8f7a529f-fc62-42a4-8240-57933c172a39.tmp
                              Filesize

                              11KB

                              MD5

                              c52e804989aa30076190ce0e8c8f3561

                              SHA1

                              7af53717d0b71b7fc9c37746b0d44898930aa966

                              SHA256

                              b747d76ee90e9843f8ac47a65a5a5eb66a7aca5cbf3aca438b773443f41e788f

                              SHA512

                              06e19ba52cab074fefd2409fe8d24385b87309c458c1291592cec9d5c28824002047209b05a3de22adad902d6e854017e3411a063a9340e87f3193639b4ff2d4

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              4dd2754d1bea40445984d65abee82b21

                              SHA1

                              4b6a5658bae9a784a370a115fbb4a12e92bd3390

                              SHA256

                              183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

                              SHA512

                              92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              ecf7ca53c80b5245e35839009d12f866

                              SHA1

                              a7af77cf31d410708ebd35a232a80bddfb0615bb

                              SHA256

                              882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

                              SHA512

                              706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              744B

                              MD5

                              b40f614416c4552f3deb1cdddfffbb25

                              SHA1

                              e5a72884166f7739cc9338a3f393ed1fe0a4aebb

                              SHA256

                              bb449aa0cfa3b76e9d6999ffc97a8c1903f4d4e96f10298332ce08cadb54ccb4

                              SHA512

                              d5ef459d8bee034ecf586729373c232875b7c67fbcb6e265c2d3d0712852ceea5dd1c9bbe695472428e893256cd557a825b8cabcd66085ff9127acbc765c6eab

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              2KB

                              MD5

                              26ce9bd7c4ede1c8f9cd86574a4d622e

                              SHA1

                              1f61b9aa86e950be2260f159cb910d76f209786a

                              SHA256

                              7f3a15ac028e4929515606310be4cfc6325e2bb8589ba61c9c74a3d8893fc2b7

                              SHA512

                              5e5c29cca8c21f5da0f6440326e62cffedd12c547aa05ac9e9dc10cc5080b669afd4c6a7add0f6e1bfa5e6863e06d2a52ed60b5f1683e1a08296f3ef35e9fe21

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              07d05fd8100eadb113a4f239992a8f59

                              SHA1

                              dad42fe91bf12b9bc3f05335127d8f523ceef3f8

                              SHA256

                              daab185713a95d22af70f9f18594e94386779e04a4c6afcbe3066b9e86745e36

                              SHA512

                              963e9aa5c05bfbdb20199c35683607ea317c79b86eb1b62c7d8936c738dde70a07368bd88a28ff46fce51acd003a66c61f77bf507e527c8035014486ccfd85bb

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              8KB

                              MD5

                              401856bdef5a118ea96e567e7ff6169b

                              SHA1

                              d4cb24202643932491274c2825b58ac79d79a175

                              SHA256

                              e51b5f3dcd16039073c6cd6f8461c8bbf8f998be0dea5e57148a8fa191d8e4ad

                              SHA512

                              0b74c313031742e28e3e77cd3f4701ec5ce8df02f1b633fd8da009e074573ee8bf4034d688a75953a73b132235049a38f620dd2d4eea02b1b9953f49e1cd3436

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • memory/4052-7-0x0000000000400000-0x000000000042B000-memory.dmp

                              Filesize

                              172KB

                              Download

                            • memory/4052-0-0x0000000000400000-0x000000000042B000-memory.dmp

                              Filesize

                              172KB

                              Download