Overview

overview

1

Static

static

1

212291c06b...8.html

windows7-x64

1

212291c06b...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 17:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    212291c06bd9f482daaad58aec701b63_JaffaCakes118.html

  • Size

    213KB

  • MD5

    212291c06bd9f482daaad58aec701b63

  • SHA1

    79a603a2635b4c0998dd92aa0a72aa8d84db6f8f

  • SHA256

    d3c76926a5fc9f15a6a34a3a8ab1add5937a5bf0ede81848f2e48f6638298670

  • SHA512

    fcc48beb96bb15d4f539175b94dc49f0b58538ab852eb30e4f9e40e026f307b45bb5654fc672717e5c0a4d0eda4c9d039a9bc26c702d226138d7a59bcf9326aa

  • SSDEEP

    3072:SNYwhDkJwbP+yfkMY+BES09JXAnyrZalI+YQ:SNH3bsMYod+X3oI+YQ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\212291c06bd9f482daaad58aec701b63_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0c0c46f8,0x7ffb0c0c4708,0x7ffb0c0c4718
      2⤵
        PID:2820
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,7851621398989212062,3346123129423390662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        2⤵
          PID:4640
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,7851621398989212062,3346123129423390662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1544
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,7851621398989212062,3346123129423390662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
          2⤵
            PID:1448
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7851621398989212062,3346123129423390662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
            2⤵
              PID:4340
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7851621398989212062,3346123129423390662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:1508
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,7851621398989212062,3346123129423390662,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4376
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:416
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:3928

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  9dc60aef38e7832217e7fa02d6f0d9f6

                  SHA1

                  4f8539dc7d5739b36fe976a932338f459d066db6

                  SHA256

                  8a0ee0b6fafabb256571b691c2faf77c7244945faa749c72124d5eb43a197a32

                  SHA512

                  18371541811910992c2b84a8eae7e997e8627640bdb60b9e82751389e50931db9b3e206d31f4d9d2dc3ca25ea3a82c0be413ecb0ef3ac227a14e54f406eaa7e7

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  7ac03b15b68af2d5cb5c8063057cc83e

                  SHA1

                  9b2d4db737f57322ff5c4bbddd765b3177f930ab

                  SHA256

                  b90d7596301470b389842eecb46bd3a8e614260b0d374d5c35a36afb9c71a700

                  SHA512

                  a5e9f40dd9040803046b0218fab6b058d49e5e2a3ada315e161fe9fc80ebb8d6d4442ccc1c98d19e561fc7c61bcf43d662fe2231cacacb447876a2113c2e3732

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  31f5bee868f24624794d797e6e7adf69

                  SHA1

                  d8355857815dc15e36e6b9c7275cab28ec89310a

                  SHA256

                  7afec4264b67b24e09ea2ca2ca1677797a7397a7d58cf5af3ee69132345df0fb

                  SHA512

                  44ded1a57623a38953befa67bbffdf5aa991b52d5cd0a61d684bcae77085e7ddebdd952fc271f94057fef1da068510d0bdd4a3660879fa18f2345b37fd352f95

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  5cc150770ad8bfbe8476a2ecef5237fb

                  SHA1

                  5358a59f02b31c6f676cf3ee89120013fcff8a16

                  SHA256

                  e47e7cc6d50ea06eec728131d087106139663ce41627ac4e4337b6e8f92296c9

                  SHA512

                  ed8ccdf6638cd06dbca0808c92577db89a843091060a7c751e0a31b0fcf64190a865c1c20acb9315d112e67ea9e7cfbeafe273b6a259d7090dd48f9238e8f499

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  11KB

                  MD5

                  83b3a1c0d0cccbc008f8658e855af7b7

                  SHA1

                  4e851fe601a528adaccc4833894d5147e4c23a31

                  SHA256

                  0a483702087be1837a4364a0be39dee0d27c245b46dc80edaa65e3b8185d91b9

                  SHA512

                  24545f3b61b0a7f2467fa514a9cc55c5360cf03515df1fb6fe8e250cb42a6f98193bcb7dfae8a28453b8d1bfd42c7be51bf8f0c57d2b8ba8149615e41eda6b66

                  Download Submit