Overview

overview

1

Static

static

1

f1bed12d73...8.html

windows7-x64

1

f1bed12d73...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-04-2024 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1bed12d733201df4be5df3133444595_JaffaCakes118.html

  • Size

    21KB

  • MD5

    f1bed12d733201df4be5df3133444595

  • SHA1

    22f187ca9928b1912d1fe27374e66f6a4ea88be3

  • SHA256

    e3b2b07ecbc1cd7687a32156572169aa787e4737ca4e982cef69f0a7d18b38d0

  • SHA512

    31c3341cc5ea918be92f9460a83b0ab4022780652190edf0ef59db2700b7cadf3b42c1bc5ad2f941b31ba9d7bf9e92f5782ef5f6a6c3beea76fe651b67b0bb2f

  • SSDEEP

    384:SLlIcqt2423THN61+7M7e861sPN6Z8q/gRz6guLZ:cZ61L61x8ogF6xLZ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f1bed12d733201df4be5df3133444595_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:724
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80d6b46f8,0x7ff80d6b4708,0x7ff80d6b4718
      2⤵
        PID:4168
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,5090276055844104353,14561075624966021348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
        2⤵
          PID:1252
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,5090276055844104353,14561075624966021348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3604
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,5090276055844104353,14561075624966021348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
          2⤵
            PID:3584
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5090276055844104353,14561075624966021348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:3864
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5090276055844104353,14561075624966021348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
              2⤵
                PID:2644
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5090276055844104353,14561075624966021348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                2⤵
                  PID:4040
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,5090276055844104353,14561075624966021348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5072
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:3132
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:1916

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    e36b219dcae7d32ec82cec3245512f80

                    SHA1

                    6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

                    SHA256

                    16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

                    SHA512

                    fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    559ff144c30d6a7102ec298fb7c261c4

                    SHA1

                    badecb08f9a6c849ce5b30c348156b45ac9120b9

                    SHA256

                    5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

                    SHA512

                    3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                    Filesize

                    111B

                    MD5

                    807419ca9a4734feaf8d8563a003b048

                    SHA1

                    a723c7d60a65886ffa068711f1e900ccc85922a6

                    SHA256

                    aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                    SHA512

                    f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    f4fa7fe33df0e3c34de5082c7f4be4e4

                    SHA1

                    aad7088e6f2b8b74ce5d6239bbd971f00ab6adb2

                    SHA256

                    8b8517e0108231ca4c2cb1be3bcdad88b4ddfc3e713d35ce75941fd1f354af0d

                    SHA512

                    79ff1f526e25bb8047e76e89e3cc0091c98d49fceb08f52f8badd8c793fb4a62909813db8e82010947a276081ab7cb806f6e5d6b9ea40709233ef3408e368e37

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    2497bd2b044ee6a9fc4ab3f06921f102

                    SHA1

                    d9ca3c29d0407c380481bde38e8075d0be408723

                    SHA256

                    a14a2819494ed603bd5f17dee07cf684c0b4d34a00a0d7eda766d519a4f475d0

                    SHA512

                    43721dc81cfdcb51d01a92e301ac1d7f68058a94eae28397d4c7bfe90ef7af9158ef74570f043160be3edd5ddbf96e5d4fd3df6786ae84f1cca7bd982018deca

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cc278a0b-dd42-4c7b-8185-f594a9218881.tmp
                    Filesize

                    11KB

                    MD5

                    265bff526615d44d518a660551e4a6c0

                    SHA1

                    9cff7443cde33265e4e0852370eeb880133810ef

                    SHA256

                    8225ec4576c45f787372780194230285224a5d6ebbdea3f734b9ee84371811a2

                    SHA512

                    43db4f96bf8c92fc329d1afceaa4d845f08037505b15915ceea7675872d4503555b45b753597d774af8e8fe286132a1de56f9a93443389228d83a6aa354a5d30

                    Download Submit