Overview

overview

1

Static

static

1

f31f755586...8.html

windows7-x64

1

f31f755586...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-04-2024 08:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f31f75558635f0251e309c41b357a48c_JaffaCakes118.html

  • Size

    45KB

  • MD5

    f31f75558635f0251e309c41b357a48c

  • SHA1

    2355554b6f268b42de7286b43b3d46a5699ac5c6

  • SHA256

    5b1f3eac5ce55a0bb9c485bd75ce6a4b4a1a86d106b3bb01c66b13fc3cf0dbec

  • SHA512

    7f8a80d9f44fae6a246dec1a96f5eec0fc74ed397036fb6adba1fe997ea497b0e02a1af403eb365de4f85393519c220cb414784efabc5906aac50542dcfc1757

  • SSDEEP

    768:ztX8Jrpje0DnLmCQHNeTCIN1+ISlUsd8lhgHMC5FER8HlDrFDrJki:ztipje0tIq1+IkWcHMC5SR8HlDrj

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f31f75558635f0251e309c41b357a48c_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c26046f8,0x7ff8c2604708,0x7ff8c2604718
      2⤵
        PID:1672
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
        2⤵
          PID:3144
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4712
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
          2⤵
            PID:388
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:1824
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:4920
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
                2⤵
                  PID:5036
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                  2⤵
                    PID:4840
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
                    2⤵
                      PID:2920
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                      2⤵
                        PID:5056
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
                        2⤵
                          PID:3972
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
                          2⤵
                            PID:3964
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7380 /prefetch:8
                            2⤵
                              PID:2324
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7380 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4560
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
                              2⤵
                                PID:3348
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
                                2⤵
                                  PID:8
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
                                  2⤵
                                    PID:5212
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
                                    2⤵
                                      PID:5220
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,17490068779383102250,8564972344141870862,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3140 /prefetch:2
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:5196
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3576
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:3888

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6f76a6a9-eb14-400a-ae5e-8b71092444e5.tmp
                                        Filesize

                                        11KB

                                        MD5

                                        72c5b3f25e929f999d90572c8ce90675

                                        SHA1

                                        cd4669ae5cc72ccfe14d70dc811bf99f4a13b94a

                                        SHA256

                                        ed729ac5543349eb8662918ff195e2468c591d6f5b20da61cc48298d534cafd1

                                        SHA512

                                        ddac3cce1569c995d470ea5a91196b7e24fabbb9c72e52bcd746a9256c5f0d35f291ae027ec600e5819499b05bb707d5784b310c5c3d94fb58cd8cd1b3f02e24

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        7b56675b54840d86d49bde5a1ff8af6a

                                        SHA1

                                        fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

                                        SHA256

                                        86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

                                        SHA512

                                        11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        48cff1baabb24706967de3b0d6869906

                                        SHA1

                                        b0cd54f587cd4c88e60556347930cb76991e6734

                                        SHA256

                                        f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

                                        SHA512

                                        fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                        Filesize

                                        20KB

                                        MD5

                                        1dac6f455c0c8e812b43bcbecc7e2096

                                        SHA1

                                        73044b19b864d1bbb2e2b729f1e40284607fec2d

                                        SHA256

                                        f514415dc65f46ac46688541931f2745fa92290f883a4f5ba2c4ad46b2089533

                                        SHA512

                                        2b3e40b6fcca3c5eb82b9200626a932099c85f1eb56f0ac11f562340ca0f0153f73866847bdfb84adb8896b2480ef03add4c6faf3b0c250fdfb2171eb9759e45

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
                                        Filesize

                                        44KB

                                        MD5

                                        57ae46a87a9955c7c61ce5cfebde0bf6

                                        SHA1

                                        2a9297a0e2ee5f4e0a9b1de88ffd2121d5d2ca77

                                        SHA256

                                        891dc8b9999ba1b2d25c1a044b49330b66b86f986478282f4e5950b726e9878f

                                        SHA512

                                        34e51215e347df35ae4cf8420e2148420780f78123a37450682ed92841c6e1dd1635317cae1ef925a001bda733228db0f5de87faa0a10c36cb967e9b70691689

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        288B

                                        MD5

                                        eb1d220ccbad33cf6a71b894c46c4cb0

                                        SHA1

                                        f10b490ece596524be3ca1aafc3cce814b2806cd

                                        SHA256

                                        d5516d9fdb5b1331a2871ac0a9f8e4c537ff4f00a9c6440c193e783c0e6c9597

                                        SHA512

                                        1ea92796200e6ea5b87af25f573b90fc4c66bc6d00768c9bc0e176ba2ca500aab60d2ef1de1503c83dd8fc8233a091217eced3c1a56a15ebf7fe98c2dfd54195

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        264B

                                        MD5

                                        c9db3b3068f948cb71dfd7ab0aa60508

                                        SHA1

                                        19bd737bd5189504755fbed2765d121e0bd8f6ff

                                        SHA256

                                        a43c43209f49533fe5722bfd1b282a73701d683c90807d1e30d3b60e1fa969a6

                                        SHA512

                                        9f8f9bef3877ec7740be91579cce56edb98cf3c48aaa84136342cc7a93bf45c654ca707c5401c4c74a21d985007713b925379f2ed6767b3ac1619d8200ce6b4e

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                        Filesize

                                        2KB

                                        MD5

                                        b04d4bf1caf8ee590d570b89e08d5d21

                                        SHA1

                                        3b8d9246a28d84a3da1fefad95d3040d5af8c9b1

                                        SHA256

                                        28f202f82899178e48767647064a497f65d2a8f2aedfa5cf0fe4f3248cb9332d

                                        SHA512

                                        520eab715e474d5c9155f874d31f861051192238f583fbd8fefb84f5d95559035e56822a20a4477731ce465de3494cb1b95cc528a20a83f26904fce8f3c70739

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        8d743f9b7bbdcaa0fc372b9444fa2e7b

                                        SHA1

                                        fa44a99c157a9022e6cb49120d0d4645f5c5dfa4

                                        SHA256

                                        6fe2d0ead8432673c86486fe82fe3fe34939bf907cc797ee932016fc752b8c2c

                                        SHA512

                                        14d332fb885ee49109099d3ba654df88746a31f80a9aba23b1dfe3c11e059814a8a87a6b47e2f9093bf881829a8e86453b1f53d040d3e45dca37ff89b166853f

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        7KB

                                        MD5

                                        cce805fd2192156d8739930d68cbc7f2

                                        SHA1

                                        19edc1b20ccccc7a32d702cd010ec2282b6edd49

                                        SHA256

                                        52f21d10088ebbddba5d2e0755850e134353d5b4f07044aa036a3e7a4a11ab73

                                        SHA512

                                        a9a6692864867cbdbd50ebc18a2705996ac40b2c7f0dda146cd5036dd88b843a44be97c995746d521f25e2f9e13e38b2f05c23b6de64a6c40141aecb4a369821

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                        Filesize

                                        16B

                                        MD5

                                        6752a1d65b201c13b62ea44016eb221f

                                        SHA1

                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                        SHA256

                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                        SHA512

                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                        Download Submit