Overview

overview

10

Static

static

10

d52f104c38...kes118

windows10-2004-x64

4

Resubmissions

28-12-2024 23:57

241228-3zns7awjht 10

28-12-2024 23:56

241228-3zaasswlgn 10

08-09-2024 22:19

240908-18ldbaxhql 10

08-09-2024 22:17

240908-17h7ka1ajf 10

Analysis

  • max time kernel
    83s
  • max time network
    73s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-12-2024 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d52f104c384740e68eda96add7bebdc6_JaffaCakes118

  • Size

    53KB

  • MD5

    d52f104c384740e68eda96add7bebdc6

  • SHA1

    16be23ec613873e436d29799989dd6993bc5b443

  • SHA256

    ccca86e4353f1732ac205a97134db8f72481d9aa9f21197faeccbcab4fa2b680

  • SHA512

    440a7a2be0020374ade2e0090fcdabe06c5f14aa4eab73d1f251cf90fb8ce66475297157be0e82a501f5f1f93f74e4599f19e989bcc75e5df929714c039c970c

  • SSDEEP

    1536:Wg94IDHy7mVj0JBsmtA00IXNgpY+t1KVt5hRS:x94IDImVj0xNqt0bhRS

Score
4/10
discovery

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 41 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\d52f104c384740e68eda96add7bebdc6_JaffaCakes118
    1⤵
      PID:552
    • C:\Windows\system32\mspaint.exe
      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\UnlockMeasure.wmf"
      1⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1124
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
      1⤵
        PID:768
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        1⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:5096
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaee47cc40,0x7ffaee47cc4c,0x7ffaee47cc58
          2⤵
            PID:5028
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,14726398736529476452,13351773802618666000,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
            2⤵
              PID:1620
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,14726398736529476452,13351773802618666000,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
              2⤵
                PID:1004
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,14726398736529476452,13351773802618666000,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2516 /prefetch:8
                2⤵
                  PID:924
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,14726398736529476452,13351773802618666000,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
                  2⤵
                    PID:4832
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,14726398736529476452,13351773802618666000,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:1
                    2⤵
                      PID:2544
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,14726398736529476452,13351773802618666000,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:1
                      2⤵
                        PID:3688
                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                      1⤵
                        PID:2872
                      • C:\Windows\system32\OpenWith.exe
                        C:\Windows\system32\OpenWith.exe -Embedding
                        1⤵
                        • Modifies registry class
                        • Suspicious use of SetWindowsHookEx
                        PID:4092
                      • C:\Windows\system32\OpenWith.exe
                        C:\Windows\system32\OpenWith.exe -Embedding
                        1⤵
                        • Modifies registry class
                        • Suspicious use of SetWindowsHookEx
                        PID:2436
                      • C:\Windows\system32\OpenWith.exe
                        C:\Windows\system32\OpenWith.exe -Embedding
                        1⤵
                        • Modifies registry class
                        • Suspicious behavior: GetForegroundWindowSpam
                        • Suspicious use of SetWindowsHookEx
                        PID:4204
                        • C:\Windows\system32\NOTEPAD.EXE
                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\d52f104c384740e68eda96add7bebdc6_JaffaCakes118
                          2⤵
                            PID:3348

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                          Filesize

                          1KB

                          MD5

                          765bde4cc65b2076548d6988221c0eea

                          SHA1

                          5a20323c9794decb587d744130435282e800ea2f

                          SHA256

                          e4b5f9b4dc6c0524b72443d1b9d8ab14c11f38728c3ee763c2b77e08630ce4fa

                          SHA512

                          3c3d74e983e2b097b707bbef3fb3417002dcb97bf1d2a4873378baacb96d5631549ed576e5a6bf9c03170a0bb8b7b344360ad24dbaa09cdd14d9988152a24a64

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                          Filesize

                          2B

                          MD5

                          d751713988987e9331980363e24189ce

                          SHA1

                          97d170e1550eee4afc0af065b78cda302a97674c

                          SHA256

                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                          SHA512

                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                          Filesize

                          354B

                          MD5

                          79b6a981956879b4deb0f9fbd8acaeaf

                          SHA1

                          c2e736a1b78509506d53ccc872a35a8a75e1db61

                          SHA256

                          603d19ad1e84fd1e7024ec04bc3517511c99f5bb20c196284a870c6713078501

                          SHA512

                          298a27b37b511bd302513427cd5aab378cdb0c9aeac98091f1d7b17205438219fe8ace90fabf18430241b58d6712c67bebccd9d3b553c0952fd9ec8f05f47f96

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                          Filesize

                          8KB

                          MD5

                          f846e557f020519800a5d004b271fa1a

                          SHA1

                          c580773777f671aae041dce39467326ec1a7f6f7

                          SHA256

                          e3469b6cec1c9dd9a1e29994e521300589d259d4c1e375f9d90c2d7804f9876c

                          SHA512

                          c1a91f2d0983c05f79b53563a2e4080cbb42a1e98915e11ac1f90847f6602dac7d698d208d969eff5bb95510c5a1f3680844d30c10ab905096b1e3dbba32b99c

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                          Filesize

                          116KB

                          MD5

                          bccf693795fe65a99173ad09406f0cac

                          SHA1

                          386ffcdb1c69badb7271a5db1ecf0c2b4b660c27

                          SHA256

                          840dd072042cd4545d9cc4f4dea21b39ffe91e1b2b46d247d0d6a6e09d59e7a8

                          SHA512

                          2c7a73f9dd670fb5c0bd5b25ffc9e8d0cb6262552ed7ca3a287e6a67df7eb52d6509d520b32a57b76ff372e89a6dc5a63c5b41a236bc46375798811973354702

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
                          Filesize

                          264KB

                          MD5

                          f50f89a0a91564d0b8a211f8921aa7de

                          SHA1

                          112403a17dd69d5b9018b8cede023cb3b54eab7d

                          SHA256

                          b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                          SHA512

                          bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                          Download Submit