Overview

overview

1

Static

static

1

0eaa35f7fe...8.html

windows7-x64

1

0eaa35f7fe...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/05/2024, 13:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0eaa35f7fee22f346a8fd23ceacdd515_JaffaCakes118.html

  • Size

    70KB

  • MD5

    0eaa35f7fee22f346a8fd23ceacdd515

  • SHA1

    90c9cbddee4d268c869bb6ca76110c19ec094062

  • SHA256

    ccf06f7e2c9db63ac3c752e3c91a4504c1dd6b16b90eb4ed852ad9f35d6b2d53

  • SHA512

    53ce29b54386e4cc5be230c981267e29edc8897a002488d42074e4d999db76ce1a7204fb5918012048e93f9277c9bff28aed4982bac1db0f2715b71cc09eb03e

  • SSDEEP

    1536:S0t4ahZ06ENNgg6666tt33mm+9G7/jPWxh/6Y/uotGa2D:SG4ahZ9GjDWB2D

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0eaa35f7fee22f346a8fd23ceacdd515_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bd5946f8,0x7ff9bd594708,0x7ff9bd594718
      2⤵
        PID:4880
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
        2⤵
          PID:3280
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2848
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
          2⤵
            PID:1688
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
            2⤵
              PID:1996
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:748
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
                2⤵
                  PID:1704
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                  2⤵
                    PID:2204
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                    2⤵
                      PID:4916
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
                      2⤵
                        PID:1300
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
                        2⤵
                          PID:4272
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3632
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
                          2⤵
                            PID:3516
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
                            2⤵
                              PID:3040
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
                              2⤵
                                PID:5252
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
                                2⤵
                                  PID:5260
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,10094279918570368281,11928457333758967601,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6600 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5764
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1428
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3844

                                  Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          4e96ed67859d0bafd47d805a71041f49

                                          SHA1

                                          7806c54ae29a6c8d01dcbc78e5525ddde321b16b

                                          SHA256

                                          bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

                                          SHA512

                                          432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          1cbd0e9a14155b7f5d4f542d09a83153

                                          SHA1

                                          27a442a921921d69743a8e4b76ff0b66016c4b76

                                          SHA256

                                          243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

                                          SHA512

                                          17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                          Filesize

                                          22KB

                                          MD5

                                          5e74c6d871232d6fe5d88711ece1408b

                                          SHA1

                                          1a5d3ac31e833df4c091f14c94a2ecd1c6294875

                                          SHA256

                                          bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

                                          SHA512

                                          9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                                          Filesize

                                          168B

                                          MD5

                                          51206f23d75f2cce8ba586deddedcdeb

                                          SHA1

                                          42aca914afddf810146877905bb6532063fc0d0f

                                          SHA256

                                          714e4617a5b68723794e3f8ab40ef344f067381db241865789c3a0734982f80d

                                          SHA512

                                          b3baeeeaffc619066dbf54b3067b761c0e2526da9dfd93e00846023331cc29a1543eaa5cadb3724c4e690b575a1fdbdcea8c11d5c5416a6c8c54347c243ef397

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                          Filesize

                                          144B

                                          MD5

                                          abf1d41523d45af98adb60553a7f6429

                                          SHA1

                                          da9b2718246aaf3d1c093a570ddd5a717c70183e

                                          SHA256

                                          81be1bc88edada8e9d33ed4c48ed74958cd8c07370ea614e0f624f78e940ded6

                                          SHA512

                                          5f63419bd6976c9ade50f2433e16ed0125e9b6950e2c7024b3eab9fef77fdec9d5179b785af09fe279fcf5ece7fea454f393da08563a678b10b330e6833c9124

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                          Filesize

                                          1KB

                                          MD5

                                          6f494fbb8b86570b2d6e78b5bbfcf68d

                                          SHA1

                                          35db3d66729fb9ff693b334cfef150a588831053

                                          SHA256

                                          e9027574a95d552339f9ccbf2984553e9b839409ffee6c1ebdf7d848decda285

                                          SHA512

                                          ec6d6e9f99e1c8ce03f1f2bfb4b1614d54c5b6fc97ae0e624550f554c3717bc8c5f837cf89251b2dbd3efaa1b5f9af56e5617dca93e7be3b825ede9f6a87bb65

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          575d1892dc12db0328bdc7d69cfc2494

                                          SHA1

                                          56c6bc5792f0b8e392aa5056d1e1d8433488cb4c

                                          SHA256

                                          fe737878f68943f5e47ae5d297cca849a303fee56baa53ceefc4198a6bf5fc06

                                          SHA512

                                          8e835e49b0e7807bafdecac82b0daef03b628c312133493be8eabc7ff357ae83a6942839beaa01ca7a2ab480f9d4639dd1e1a32e0e032e2aefae536afe733532

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          5KB

                                          MD5

                                          4ad96551229ad676595ead338227293b

                                          SHA1

                                          829b2f959ee4d199e4c5bcb870df93db59619dd2

                                          SHA256

                                          29b43c34d5b4c4103df46ff5cbf71bced2f38929dc93740a6fb8038d1a98ac68

                                          SHA512

                                          5d001a11da8c1024f541dce62446062b20a835179bd524e1704aa52b7e53273b051bf9390c175cde621ac378ae14bc3532c209824d9c463311c3f7420bc6eb12

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          7KB

                                          MD5

                                          993300d54520c4503ba123721cd6b933

                                          SHA1

                                          c8705a0a453cf22e59d80fd51018e5dd88006d7b

                                          SHA256

                                          c2c178fd4af69b3b00c3691146288e94914687269d680bb6ddc0b765e6fa4483

                                          SHA512

                                          831e1d37aa9b538e5ca1d6ab174ebe7aa3b886c58ea7b1f644148222b3e01d499b5c66af06479fe61828ce996d1c26dd59d6487ee43935d197f20c76f1d8eca6

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          7KB

                                          MD5

                                          dee5db9bc288c08f4875a306566157f8

                                          SHA1

                                          69b0443d5d48ac790f6148f445949c49cdcc5f06

                                          SHA256

                                          6774ae462e12c3ca96606262b00ae4717bd09e5451b51aaadd616d43696f0101

                                          SHA512

                                          37ef89548233b04d9beb0c7c2840f44984335a23e21b5e264f70e5206149bab344c8f25fc9c29b60e581ef5a97428b82b561020b9b35546631067cd2ed3dd254

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                          Filesize

                                          369B

                                          MD5

                                          38f7cd0c81b2d9c1633398f7754f48fa

                                          SHA1

                                          d6831cb722d9ae0183cd3a58a2a704c9774a17ea

                                          SHA256

                                          c049b525eef77bc1b3806f2d069bc61b834796d367aed896ff4457a47f12f6c2

                                          SHA512

                                          d8af43852f9506b5c1ac8db1443e2727737f0d2655876f64847b73d481231b68028e5dffc74afd76517fd2d8d787f04f122298352fccbc16c656990e89a9d5b4

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b71b.TMP
                                          Filesize

                                          204B

                                          MD5

                                          35e078835e4263b6a7fae1639e393f49

                                          SHA1

                                          6d125ffe6de90c07c6b33f67e8523fef0a04d584

                                          SHA256

                                          bd02ad34c4c10b863ff7b247ab72f91b74e1783f1f0007c24cd659ee2f34e8e1

                                          SHA512

                                          854c5d8f93e0eeb8feacd390b39c326b9a72a38356cf5370862fc022c7d847833cd563fc03bcb3f38e646b63beb6fe23dfe63e0631d1c611e2bd30d568719894

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          6752a1d65b201c13b62ea44016eb221f

                                          SHA1

                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                          SHA256

                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                          SHA512

                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          11KB

                                          MD5

                                          ed25e811b283795cbbd416917e9352d7

                                          SHA1

                                          0c564495f5770417ff7fe77c2e190d90d315afdc

                                          SHA256

                                          9a94cca2c336ae64563971ef74be36ce4fa59f69351424cf14d333cd2e0324c8

                                          SHA512

                                          8c092555e688e53513b6d60273c443c6c85129cb5174d3a4608d4b25b9e5d1bf11eb73f4d1648f54bfd9823846ef28677023b7e3de05107df55ff2a4d2c29a01

                                          Download Submit