Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
28-09-2024 16:59
General
-
Target
fcbf7a0e18f4849b36ca1c2af55f5046_JaffaCakes118.exe
-
Size
68KB
-
MD5
fcbf7a0e18f4849b36ca1c2af55f5046
-
SHA1
9b16e0c77cd52e123d62d3351c0b9d3cdfa7ed18
-
SHA256
21af95a3940bfe21240ffd272979852447a396dfbccadfd817db77d7679764f7
-
SHA512
3e834a6f369fd037f25f73bf8c754c49295de7adae96fd00e232f068749efd00caf442eaf22ae097d94a166983ab43190992490138f411739c16efae1a39c36b
-
SSDEEP
1536:XHrB/nJHSwfM3JBdRzRccvqb/j1C3CS+2P0:Xr/HpfM3n9pvUICS+I0
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fcbf7a0e18f4849b36ca1c2af55f5046_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fcbf7a0e18f4849b36ca1c2af55f5046_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 2202⤵
- Program crash
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.vivo.com.br/2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd46f746f8,0x7ffd46f74708,0x7ffd46f747183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12400086255433315094,13440970227133453468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3668 -ip 36681⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ab8ce148cb7d44f709fb1c460d03e1b0
SHA144d15744015155f3e74580c93317e12d2cc0f859
SHA256014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
SHA512f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4
-
Filesize
152B
MD538f59a47b777f2fc52088e96ffb2baaf
SHA1267224482588b41a96d813f6d9e9d924867062db
SHA25613569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
SHA5124657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b
-
Filesize
912B
MD538719d7e23997c8d2af6f656ff51fd9f
SHA148e9d01ce2ca8d6545f2335dbab9421d69639412
SHA256817e15c2d4fe2274645b737e00ddc065186cce55d70ec4ffb66bf65aeef5b39c
SHA512cc62fbdcc9e8bab883de4ed0aea1bbc2747263686594cb63b2362cf034969b56e29d831ec171335772651e79ffee7c94a74d7719fd7ff1f58f98c13a5b288b3e
-
Filesize
6KB
MD5f36cb03947710c66661e5299b34b4729
SHA14fa47fd71e51c626c1cb1aa96916e9572fc7fcb1
SHA25677c113aa6e3a09048c7908e43d63013f50bd8995252766c48bf2445097892910
SHA5125677867cb74ff4d9da0cd94144cbce66391efd841dc0bd60706b1d59ce487515d41df33475ef3315d23a4d4da314e935672993bc5544be31183379f3dd89ace1
-
Filesize
5KB
MD5c3afb777e0fa3a912652449369baee24
SHA11b66c80af8a0ac3a581310b68464a8c5894d8163
SHA25663ae4250b336021c8bc574f1cf143b64e985f1fb0b4bace393a0aaba2ea104bd
SHA5123d981ce1f125831cb6ca53bc9080682ab5ab675d27d079de902b59c3f30b2f52ca9bbc478d569b27acfbc925d585e73faa16c9b2cea6a8abaed5b3742ea7b79d
-
Filesize
12KB
MD592f91f6b369b696597739d41406ba243
SHA10cad68847d860c8f2d4362e86c2606435203ae17
SHA2563e3e3bbfc660cb64e2362888095dab337b615b8527a6b3c4232d480ce3ce0958
SHA51298f3258997af9fd1c4fb9ee3939e7844de8f83c43e16868af9119a77063b50c3cd83b43843e6b0fc965f2ee522a827ae9a66eb05ab0c3095769f11f6744767e8
-
Filesize
9KB
MD5da9d0d883c5b9895c9583eaa469d5cf3
SHA1611f6fbb98e5160a32104c91e07198f8960c4043
SHA2566a4f69aac01946c705e69fbe136d5fdf7f4f04fbe12b89506efb7b31aa1c997e
SHA51264bd9f2eba4fe06dc64f8460fade50688c06a8b7e6bc1934e6e3578dea3c047b701119313f45830601c2b7ca8ce7c5342b52f873d7db818cc0200a5be79ea5cf
-
Filesize
88B
MD53d27540a9498d19d5f165b6a784a263c
SHA13b4db4551b84c9bfe7ff1563bdf261a82bf7f576
SHA2563657e74b8dee1643f3864c3252f65dc94a6325df933bd2a7ff405a1f35d5cb68
SHA5127d7d2e89997d1d5a092174529db54cb70e3f437ba282517e2f41612f4928aa31f8845fee207e2ea044cc088a0f65c79dc216d3fa707fd044e9d36813e6da41d2
-
Filesize
154B
MD5291b90d751ce1f9fd65f82231c23de4c
SHA1e58ce93cff4e72a091daa708efc485ca4dd889f2
SHA256c57ff367b1f4430841d6386d9aceadd69d4d5b622abde48b566d76769e1df8e9
SHA512ae90ef9239c4e34f522766813fd3175babbf99b18d1ceaa644a2bb88dea038e2c46062385a6d1bc5f7424808019f6bde10750bb92e50a216494f6e7178890650
-
Filesize
147B
MD54d8f3d2b108e4d2a7fb3cebffb6c0b2f
SHA1c056ec777c78a888924636f82cb605b088d671d3
SHA256818ba65eafba8e325e09f8332986814215ff80c0eb13aba86043e4826d77b906
SHA5123aa37bcec570fbb69c106ce8a61111e382a76807d3518f9d506e392f8b1c6a302f30ce040fa18c0b18187735dc7b3385f65c924cb5bbebe53fe5acff3ac987ef
-
Filesize
3KB
MD575a412750d966f9f97e782989d76aac3
SHA1eee15445018f255d10d379715b5f4f86d3945e15
SHA256fc44deb3b0b557c9b7660cb921e435af6f90b06a59fdc1ca3824494e553836f7
SHA512479fe6c44dc0cad8eb51ae9f97b7f7fdca731dd3819b23279547891ffe001d4ed1e8b3ad75093d2c9c6597af1524ae1bd53d76e7789971202d939ea43f8fef33
-
Filesize
4KB
MD540f9c9e6683c9da369d78d01b5ba86c1
SHA1bee86ee6488c9ddc0a0c7ded682c068f9d91baba
SHA25678ee0c0c7d5a57501bf1e319510796930f59035e4039839dfa5a021821617a59
SHA512f40652b9e24304b14d4f10e6f4c66ba22beda55cf2b5d44e233fbc75c5ee5c2494f10d8c5a8b407f6c4d281f7a25f916f9c15764b3739190a41d23969cca48cc
-
Filesize
2KB
MD5e4e313eb3c7f5a5d89435efc0b451fd3
SHA17cfb168d69772e0d97ed35e7a0707ab52657b50c
SHA2568b32f7baa1197c123d15cec0668c3563c4b3ebf32bcbdfde141b05165f8b12da
SHA512d362781751129e24513ff48a117afb27f7ef0f1fea17b306e955e7d9c1af5c8f8441ef1ba882747cee317ac0f1518dc0b294b30c754600dcb7a6a92c37df7fe6
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5e93c337e7ddb8531ff2d45b7d156536f
SHA13d7aa3b1546e8beda906090b682a869e9441fb0a
SHA2569ec7dc33083c45b8879aa8a259e620ddf187d3ce8494089b1f848bcffbf390de
SHA5121b6d74d56ebf1bf854f2b2f374a8782b6c6882c1332113b0461806c8018ec979885c07aa37ca0fe5567d2bb0e38b657624ca30c70e1046f913a02b86fc5b896b
-
Filesize
152KB