Overview

overview

10

Static

static

10

JaffaCakes...d87fe7

windows7-x64

3

JaffaCakes...d87fe7

windows10-2004-x64

3

Resubmissions

29-12-2024 09:01

241229-kzddcaxqfj 10

29-12-2024 09:01

241229-kyvw1axqel 10

Analysis

  • max time kernel
    253s
  • max time network
    259s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-12-2024 09:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_d12261e8c587b7d96aedc0215c6c35ad0035230067bbbb5b6ef6e6aa9ed87fe7

  • Size

    296KB

  • MD5

    46650249d5816c662e8639e3e9f6014f

  • SHA1

    6378e5a8bd3bfc02d144ea2caf723eaaad6424ca

  • SHA256

    d12261e8c587b7d96aedc0215c6c35ad0035230067bbbb5b6ef6e6aa9ed87fe7

  • SHA512

    47126d8d76fb1b0d774cc1e76ca85bfc70b065c1a706b73f1aeff456bd3363b5b7c57496af0b29089d68f25de0c65658954587339c4a3c41cd6aed812a4a714f

  • SSDEEP

    6144:nnfC1FRZQP6GcUoSSwu5To9EPjgwB/3iQl7p0zhZU+6:ncF2cUoSSwu5To9EcwB/3iQlNEhg

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d12261e8c587b7d96aedc0215c6c35ad0035230067bbbb5b6ef6e6aa9ed87fe7
    1⤵
      PID:4880
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3684
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5879f3e9h80d5h4726h87beh03eaddc94a8e
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:4912
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcea5f46f8,0x7ffcea5f4708,0x7ffcea5f4718
          2⤵
            PID:3712
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,5576517870826806637,6710103157962760408,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
            2⤵
              PID:1420
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,5576517870826806637,6710103157962760408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1636
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,5576517870826806637,6710103157962760408,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
              2⤵
                PID:2360
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:180
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:1772
                • C:\Windows\SysWOW64\DllHost.exe
                  C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                  1⤵
                  • System Location Discovery: System Language Discovery
                  PID:720
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                  1⤵
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  • Suspicious behavior: AddClipboardFormatListener
                  • Suspicious behavior: GetForegroundWindowSpam
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  PID:3264
                • C:\Windows\SysWOW64\DllHost.exe
                  C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                  1⤵
                  • System Location Discovery: System Language Discovery
                  PID:2524
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta98fcb7ah692fh4c0fh8b09h8f5349ca4263
                  1⤵
                    PID:3124
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcea5f46f8,0x7ffcea5f4708,0x7ffcea5f4718
                      2⤵
                        PID:3064
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11993664871401472767,18446306026420042645,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
                        2⤵
                          PID:2752
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11993664871401472767,18446306026420042645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
                          2⤵
                            PID:2960
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11993664871401472767,18446306026420042645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
                            2⤵
                              PID:3852

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            f426165d1e5f7df1b7a3758c306cd4ae

                            SHA1

                            59ef728fbbb5c4197600f61daec48556fec651c1

                            SHA256

                            b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

                            SHA512

                            8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            6960857d16aadfa79d36df8ebbf0e423

                            SHA1

                            e1db43bd478274366621a8c6497e270d46c6ed4f

                            SHA256

                            f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

                            SHA512

                            6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            4ea4f6841e5032d512b1ce54fd6bcb60

                            SHA1

                            51230cb5cac3e4e2cd984a09fd921ed8baac5ae8

                            SHA256

                            c2165ccc618cc6f1cf3f31d0c83cbe76ad5a7a18ce5da236e5e26332118b352e

                            SHA512

                            eb28bbaeaad3fee85021664bb241823b7816cd76a785d99c3430c2a2fff9076b6698309cdff269eab20e506bc4a5a55126ba53da2866af29213185460c426dee

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                            Filesize

                            347B

                            MD5

                            e7cfaaf2e7822932f52bc0d2cb82661f

                            SHA1

                            13a4a356a4aaf9279cb61110b2edc841d4a279dc

                            SHA256

                            2d9d1f60f9a6e13a4601982760c29ceb529daa1ae49e9121fe2f3274ed453f26

                            SHA512

                            086d61a3549bfb6a6f760e889058db8956d9f639cc36734e30f9ddcdc93e42b3d1f26615f71e3e4f9de52678c2cb9fbf2dbcbbd92fb9bb2d37e97f7f8bf7e450

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                            Filesize

                            323B

                            MD5

                            54a87498d9a0cb60f00dc11598f2b0e0

                            SHA1

                            0d569535d291529e18b6a78abd65899784a1fc62

                            SHA256

                            86372329604a71e6ec9fe650bc6b264ea164737cf66a6bd0e2c75f6f6ae84634

                            SHA512

                            9a7542c1fcc4005583002280df282c176c7d42951f5d2c325fddaec0ac3696d076c59e10d53339a97639f6208716231a2d9f869c4c27e7179e022141376fbba2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                            Filesize

                            11B

                            MD5

                            838a7b32aefb618130392bc7d006aa2e

                            SHA1

                            5159e0f18c9e68f0e75e2239875aa994847b8290

                            SHA256

                            ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                            SHA512

                            9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            8KB

                            MD5

                            34ff0357c72116080998062c0c2da069

                            SHA1

                            bd7811e53252dc3d6b027952f697b9b6eafab50a

                            SHA256

                            533a915229add4e34a78156416b331bc247924a987b02de0726b525e329ef67f

                            SHA512

                            02df090abdc0c11ffe1de6c6e45a9828780e9d3ac59170485cd62b2381bc7f9a593fe2c67443d95587c244dbcc8c81923fc51e2948df3604ba9b091a797b17c9

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                            Filesize

                            264KB

                            MD5

                            f50f89a0a91564d0b8a211f8921aa7de

                            SHA1

                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                            SHA256

                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                            SHA512

                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                            Download Submit