Overview

overview

10

Static

static

7

f44cee38b8...18.dll

windows7-x64

10

f44cee38b8...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-12-2024 13:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll

  • Size

    615KB

  • MD5

    f44cee38b8aff02dadaaddf3ff652c9c

  • SHA1

    3ad07318c01d73bfbd904080c14bbb1fbf1a3989

  • SHA256

    ea3c8c87308969cbcf1ab524a047479d5c9dde71574c35d5430f997e9c9f175f

  • SHA512

    7bb8a13c5ecf1fad1f6a781323acf8fd7136bc519350d4bb5044774876cbe964ad231ceadd59893b98342fa961af8c5403e3ff704fffc96384a140463cead579

  • SSDEEP

    6144:EwiwZmLUYSM/mTGxeeKegyQeeaQeewQeesQeeG7QeehQeeFuGhVoQHAMQs06z2dw:EwJwLUYSGmTUZeG1gGussw39525QJzF

Score
7/10
discoveryvmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c start http://usa-cheater.blogspot.com
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2688
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://usa-cheater.blogspot.com/
          4⤵
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:916
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffcd6b546f8,0x7ffcd6b54708,0x7ffcd6b54718
            5⤵
              PID:4064
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
              5⤵
                PID:4636
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
                5⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2808
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
                5⤵
                  PID:404
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
                  5⤵
                    PID:1232
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                    5⤵
                      PID:3892
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
                      5⤵
                        PID:4352
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
                        5⤵
                          PID:4412
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
                          5⤵
                            PID:1408
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
                            5⤵
                              PID:1828
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2
                              5⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4780
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c start http://usa-cheater.blogspot.com
                          3⤵
                          • System Location Discovery: System Language Discovery
                          PID:4376
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://usa-cheater.blogspot.com/
                            4⤵
                              PID:1900
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x74,0x108,0x7ffcd6b546f8,0x7ffcd6b54708,0x7ffcd6b54718
                                5⤵
                                  PID:3496
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1140
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2676

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              6960857d16aadfa79d36df8ebbf0e423

                              SHA1

                              e1db43bd478274366621a8c6497e270d46c6ed4f

                              SHA256

                              f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

                              SHA512

                              6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              f426165d1e5f7df1b7a3758c306cd4ae

                              SHA1

                              59ef728fbbb5c4197600f61daec48556fec651c1

                              SHA256

                              b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

                              SHA512

                              8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                              Filesize

                              29KB

                              MD5

                              4e1a7edbbef5dce98faf8f4c146eeef1

                              SHA1

                              8633e36f7ca391c4588a4e6dba5516516ac2271e

                              SHA256

                              83d530c54487b746a57d2ef71a0fa057969096673d46976e190b8723b7e0fab6

                              SHA512

                              85d406d96ba3950ac4c9506bd6f9e6699b46c114ba4edd8edacb13ffc1600500b62183409bfda3a7299d5fe9a35d668741321a71dead9745ef5f02d0e413f91a

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
                              Filesize

                              19KB

                              MD5

                              504c509e7ccec111dcb2a0736c9a5ba8

                              SHA1

                              6af2353a0d05f0c7ba50f0f93d90c241cf89c146

                              SHA256

                              27129ac0d6cfe983d48b122664cc88738ca59225d8d352486d680d926e92614a

                              SHA512

                              3ee36476c101cc14f23089435038575fd2a86100d2b88afb061728e84d9faa428eef8a81a71c86992096f4b7bd3c0aabf5d0867766351eb1466306459d1d0eb2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              912B

                              MD5

                              616a8b6bcd79a4957d57808d55a70ea4

                              SHA1

                              496132be5f08183bcf73b569d27ff19a4a1aea21

                              SHA256

                              a87709f8dbb05ff8996262ba9ebde823fbc5c667edf36675419bf234792dad87

                              SHA512

                              27af28b8aa757a83e5c0eb8d92dbbab0f4b91e49639ffd2d8c7e8e592d461ae03b774767ebf3225df3e4c87834edb6d42f77688ef070178542ea17f6f7024e73

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              912B

                              MD5

                              819361a899d6acd2a88c7fb4777cf3e7

                              SHA1

                              3bc1a7f5e7277e3f4a2841465d3674b173123e91

                              SHA256

                              9468074b073ccc407427090d60742f092156268ea73fd6baa0d41b3480ac5695

                              SHA512

                              1f5ffa2e1510ff7fb2e0fde2275f15af63de1190c4ec5dc7f6c131d4797ccaebb6e1d24ec89f19fd6bdf2ad3e99a9c4ba3305a5259d492860f7443a8ad159223

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              3KB

                              MD5

                              462410f4817e5551cc0c05a3dd27279a

                              SHA1

                              c78c02d118ebf6aedd021e6f257a94c7da457722

                              SHA256

                              3c5ef84d600c7ed6f26012ebfb6e70617297fbfbefc657112fe00356158a88ae

                              SHA512

                              e663ff185bb932911f8d50e3c3d62c5332ced6993297de8c42736102ad6e3267966e3f0e43927d27a79414ec1a9226682442ed4302e9fdd3e44c74233fff0bbf

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              f684e3db9a026334a322e1b96dcccbc2

                              SHA1

                              e5d31661150c4cfd157492d273d75934076af635

                              SHA256

                              cf7d0b31dcb44c27a9fcd7a5685d951cf6dc8c99bb30d346c99866a0ec6a5c84

                              SHA512

                              30943423ab30939069357c06797f8d2ce4305960edc1ed56cef2771725ac2811c54e0052b9413f764b3b99d393bacf2a2eff768d965d89ca890008762ccda9b7

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              7KB

                              MD5

                              a6ddfe2db9427550cb41dc73d9d619f5

                              SHA1

                              8260f0f76e12d9c302ec3687992d86d2a10855d3

                              SHA256

                              79aebe0a70adc886a4bf59196c27077cf6192aaf6faa1a3c32468df4ce350401

                              SHA512

                              6ddc4e29b5ca30597e9d66cc1fc54bd6de27a060254db9cec527004febe6055eaf4f0396d98582d50289651f24dcb5697ef5e678c1202e46e523f68f2e238969

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              8KB

                              MD5

                              9bd1344d2bed96442eb093197e5c2d74

                              SHA1

                              d0b87a0a0df78e478e80c00394b09bfe6d6b3f23

                              SHA256

                              c7a964244ce8f4ce692c368fc6b3cefd6950333c719df2bce5050376fa1d2157

                              SHA512

                              5a56ea9c66018c592b164ad16af4bdf0204cc98671459a5bbe95223003ddc430d25e8b84cf501297dbc01b780ff091bf8ed945027579dea04a0b7d43b2a180eb

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ff783c1e-197d-497d-be04-b259e3b0bc4a.tmp
                              Filesize

                              3KB

                              MD5

                              5c6706b30a0ea6e2dddeab971d1dfed3

                              SHA1

                              ee063ce72fb8222f9db2f4c1d0ae4fa72d054592

                              SHA256

                              5fcb8f64223a2595555208be19418a1c193785c9146e911a2def87c2a352b3f2

                              SHA512

                              1d3586f09811aa665b00ec48e436b76eeeb02069bda7459a550973d48e7854c72dd5b8ee4d00c656d43ef58f37c00a4813fd147bf59e4f2f2ab9d6fd0f1695ab

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              10KB

                              MD5

                              52fbc590d85f7cd9704d95084c450d5a

                              SHA1

                              d6409ac1bd333946fbefaf753c050d1f3540ebcb

                              SHA256

                              552b39d882d8800c64ed53a9015aba5ecf846f42e7a1084a29b7287dd91152da

                              SHA512

                              223c407246a20bccc306a96c3fe30e06e0e3a86115a3b1ecadbb98ab9b4face99c72fc10281e2e33d89e5302823667f655fc1dd9d0c81e1f7a0850e590f29562

                              Download Submit

                            • memory/2940-36-0x0000000075490000-0x0000000075501000-memory.dmp

                              Filesize

                              452KB

                              Download

                            • memory/2940-0-0x0000000075490000-0x0000000075501000-memory.dmp

                              Filesize

                              452KB

                              Download

                            • memory/2940-4-0x0000000007070000-0x0000000007071000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2940-2-0x0000000075490000-0x0000000075501000-memory.dmp

                              Filesize

                              452KB

                              Download