Overview

overview

1

Static

static

1

21efdde034...8.html

windows7-x64

1

21efdde034...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 22:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    21efdde03439db4ed70e586a17cab603_JaffaCakes118.html

  • Size

    36KB

  • MD5

    21efdde03439db4ed70e586a17cab603

  • SHA1

    8bab6fd9e58ccbb1f397286c5ab2198d91a1b548

  • SHA256

    dadf7a54b10c5ea8f689afdecb2648fbb5941451309cad44a7218c075b1f1a3b

  • SHA512

    9477bfcb84c348920a0318a9f723e7f13c4b0eaf0d6a6bd3256e4606d27cd06e4d5071a3ede6dce1a26b1ef65dd53869a687cf3467ff3ed28d2675bd6e3303cf

  • SSDEEP

    768:zwx/MDTHWI88hARaZPXhE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TJZOg6DJtxo6qLe:Q/vbJxNViuCS+/E8bK

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\21efdde03439db4ed70e586a17cab603_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4604
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9650c46f8,0x7ff9650c4708,0x7ff9650c4718
      2⤵
        PID:3068
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        2⤵
          PID:1944
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4872
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
          2⤵
            PID:1560
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
            2⤵
              PID:1776
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              2⤵
                PID:4364
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
                2⤵
                  PID:3720
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3976
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
                  2⤵
                    PID:3152
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
                    2⤵
                      PID:4916
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
                      2⤵
                        PID:4684
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
                        2⤵
                          PID:1284
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17776748138659031869,2786636823548695233,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4972 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3640
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:5040
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3940

                          Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  dbac49e66219979194c79f1cf1cb3dd1

                                  SHA1

                                  4ef87804a04d51ae1fac358f92382548b27f62f2

                                  SHA256

                                  f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

                                  SHA512

                                  bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  a9e55f5864d6e2afd2fd84e25a3bc228

                                  SHA1

                                  a5efcff9e3df6252c7fe8535d505235f82aab276

                                  SHA256

                                  0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

                                  SHA512

                                  12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  613B

                                  MD5

                                  b9d95c10034efb4b7ba9dee3bcb35b93

                                  SHA1

                                  632feb422ac38074b090278a1cf5c3e6eee2a28f

                                  SHA256

                                  86e669f16ca9c59d59417a3eb346e0b09b2a3bdf78d29ea90ca09295de95989a

                                  SHA512

                                  07c87319a68a409084de621087d5344371b0a4712a7b01eadbdd609df7f4392b2110f54d93358dde3882b18629ab1a50b5a439f0ca6d33defcbba69385c5a466

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  f073b66c55f5e5a67b954e15024a92f8

                                  SHA1

                                  521867d1fa1f1e3e6c02b08721ff5207f7213bee

                                  SHA256

                                  461cb7cb2126232b802419439cf8d12af8c765a55eea81320b779549a092a4ca

                                  SHA512

                                  117ea9b333f1d9c1ac9059b25843d46916a5e3537c95907f121a2d08ff8f6fc6e2bbdcec7f38f17ac158e552f7cf64559cf91763046e9417218626758ec30262

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  81c469ec97e0841af70d48aa1bf6a8fe

                                  SHA1

                                  bd09a18f53ba36238d73e1bdef4defe13bcaf08f

                                  SHA256

                                  778e385c0b2d163c2c45fecb672f7ee9cd65bc4cda79889c22c9b0a4c1cfe52c

                                  SHA512

                                  b5bcab68d41a317398013ec21e2c828e8e87c9b824050f5f3d093bb75e82e3b8c8de6dcfe7881bdf595b7ace26b7bb6a8cd32e130a6d64949ffe77bb8c898929

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a536690f-2b32-473c-8271-c340c04a8866.tmp
                                  Filesize

                                  6KB

                                  MD5

                                  9aaa1844ed6ee57bd4692cdbf00f36b5

                                  SHA1

                                  686be970614b7bfcc1633bd7725234516f9790d3

                                  SHA256

                                  e34a01285ca7363f1a6d62a143d0950b688280d782035a6719a32d1f17d86e95

                                  SHA512

                                  500cd68cce011d7f52ad2b32a02b718bc8e58b2739f27c1e08ea729016f5cf5cb95134dc32a78665894c50a91de7cb9942cc43bd722e3330b421d1bda28da6d4

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  61021f10fabfdbfa0ff26a33ae747fae

                                  SHA1

                                  a89345877e6aa2b45e6e6265925dbc26b7f2bdbb

                                  SHA256

                                  e11925182c62b37dd7a0a95f676852684a4b395cd0c1c3325f30d6797586cbc1

                                  SHA512

                                  b7d8735db424a437180c2d05c6f8d89b96f6407d03cb1f82fb0b1a36efed51d656523b5e7fda3eb1e99d836b39f35005d58544af7aad537c7116f1fcfcc703c4

                                  Download Submit