Overview

overview

10

Static

static

10

JaffaCakes...2a.exe

windows7-x64

3

JaffaCakes...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2024 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_1fab9fc9e8d75809680e847f039c052a.exe

  • Size

    369KB

  • MD5

    1fab9fc9e8d75809680e847f039c052a

  • SHA1

    52ff303fcc2b2cef168fe078a46d3eeff6ee19dc

  • SHA256

    2b404fb3d9c89fdd5a31a1407a6fb08976fd3b1b451d4968de8c4c930645f988

  • SHA512

    93cc769ebf64da46b280b7aa6999d2f4216c5668390ba4ac62f827c297175d28a34366427d021f8d38257b6281d202ccf038f1e8c9ca9de4ca3efb3b9aa4a27b

  • SSDEEP

    6144:aVWdtcJPqwwlV8eCeEUSmM7iGuF6I/jcsNMihkHx8CtxHx8CtPmj490tn0:awcVTwldCeoV7iGuF6I/jcAPfCuC4jty

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1fab9fc9e8d75809680e847f039c052a.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1fab9fc9e8d75809680e847f039c052a.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" url.dll,FileProtocolHandler http://updatesa.multitheftauto.com/sa/trouble/?v=&id=&tr=loader-dll-not-loadable
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:684
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://updatesa.multitheftauto.com/sa/trouble/?v=&id=&tr=loader-dll-not-loadable
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:5052
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab01c46f8,0x7ffab01c4708,0x7ffab01c4718
          4⤵
            PID:2172
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
            4⤵
              PID:344
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1232
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
              4⤵
                PID:1228
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
                4⤵
                  PID:1532
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
                  4⤵
                    PID:2516
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
                    4⤵
                      PID:2360
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
                      4⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:972
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                      4⤵
                        PID:2456
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                        4⤵
                          PID:3260
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
                          4⤵
                            PID:244
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
                            4⤵
                              PID:3716
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,10150545913667838586,8138024520989178957,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5148 /prefetch:2
                              4⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1572
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2724
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3348

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            0a9dc42e4013fc47438e96d24beb8eff

                            SHA1

                            806ab26d7eae031a58484188a7eb1adab06457fc

                            SHA256

                            58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                            SHA512

                            868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            61cef8e38cd95bf003f5fdd1dc37dae1

                            SHA1

                            11f2f79ecb349344c143eea9a0fed41891a3467f

                            SHA256

                            ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                            SHA512

                            6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\32cbb463-df69-467b-93c4-151536bb5e62.tmp
                            Filesize

                            5KB

                            MD5

                            81629299c5f9ff61230d648b7fa65a2f

                            SHA1

                            88fd5ff7b993120e458439bf902a2d711bbac485

                            SHA256

                            939e10ab6d678851aa929ba4ae2bf8df8bace9227963f94603a3417c22995178

                            SHA512

                            74caf945905c6ad1d40f891b8e275eb35bff62cdb0e5d0cd60101153e737d561cc786b0abd921da960a7633a9edf220968614a6ef1c83998984f40c464541cae

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            120B

                            MD5

                            6a4e55adee08d47fca6925ea979639e8

                            SHA1

                            549e592c80a837bd4c1f78422e507f502ed927b4

                            SHA256

                            2fb6f478f14029e6d4b7a1b41e64299f5652775cc187d244c675f7ccd1f71ec0

                            SHA512

                            d6d4a5e2e876bbae37a3a46bf78cdaaee339efb27892487f65e19de79c7b60f549b452c4d53caf0b4bcb0e24487d993a92c0feb671f95a6ffd0f1a5c921a1d0c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            1KB

                            MD5

                            4f904ec9f8f1f65636eaffc6b46e2bf2

                            SHA1

                            9d38560e7f3db944bc32f4fce87b9579527f9264

                            SHA256

                            ba65ddb6d9e4844122029f49ef603a49a6af8375e93f55fed75d726cce8bd683

                            SHA512

                            5872aa143f20371f5d31bf63d9e7f275989612db93bdc4591e2e58691b6be51bcb66195e7304d58258b4b3b9c2712290092758030fdc92ba95b7b3f7c7fe8aca

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            f01661053f5d71d28461b291459b9b25

                            SHA1

                            eb540208c9e7dd6a179b571aeb373e2e51a1d54f

                            SHA256

                            f86f5dd29b424c4fbda3897aa8d2f85fd8d8c6f2907f49fc3d4b767b6fd5092d

                            SHA512

                            397d5385d4b3b2ad21cf94ac7431dda5caf4f24e695ec2e4905ce3fbb2553ca0b509a8fff7676f41c13f0bb4006efd149e4b2d5e74e29e4a3c06a5a4dfcae53b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            d3ebeb080516d74b2958dc3da963f567

                            SHA1

                            50247b60ecf766f331c72364ef695b7cc909fd2f

                            SHA256

                            9d46ec6ff77ae38675d778119ee3cd1a6c8292ede7b7afec3ed5085277848925

                            SHA512

                            6f2b0de39a1e32449a4910a6c40566e61b3424034c998abce05db4076a8263514f4356229912f14c652de906b4a7aa2ca7fdd8002ac1539aea756fe8e2588319

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            beea60022ddc949d00580ca13d1bf7fd

                            SHA1

                            bc9267cb5aa97f0cc0e4340fedd590256b37caf0

                            SHA256

                            7c403e9cdcae1a5c2b53774f7a09baa218738f089925bf1ca7680211ce01366c

                            SHA512

                            a373959bb34b496005f496f58429d941a5d6539753e86b8d92608f26ce7ae2332300a9c8ac2b87da1534aeee37c2521521da8d0dda2374169971db00b8f227a2

                            Download Submit