Overview

overview

6

Static

static

1

28527fe3e5...8.html

windows7-x64

6

28527fe3e5...8.html

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-05-2024 04:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28527fe3e5b1969082c1d470880f6a5e_JaffaCakes118.html

  • Size

    104KB

  • MD5

    28527fe3e5b1969082c1d470880f6a5e

  • SHA1

    a2d9d8f6f5bf95f02ffecdc2f3e34f5b087b37a3

  • SHA256

    65936c41c4cb518c4b678fc7eb5216e18835a0d1d6245418e5ecede067d485a7

  • SHA512

    451bd0239483c4120160ef52239ac1887b8f5f42807762ded91c12f265568671d217941035f3cba98bbf9a1b934ba4dcdbe6e3df5303b1305ef5f46d22cf80d2

  • SSDEEP

    3072:AgJXyhGIxqc3nwDzC7cmYV1KdYSbcfrTlVp5op/iqmjqbQ3vVBpcyZ:RJCpA67cAdK

Score
6/10
motwphishing

Malware Config

Signatures

  • Mark of the Web detected: This indicates that the page was originally saved or cloned. 25 IoCs
    phishingmotw
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\28527fe3e5b1969082c1d470880f6a5e_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9f2146f8,0x7fff9f214708,0x7fff9f214718
      2⤵
        PID:3720
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:1404
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:596
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
          2⤵
            PID:2136
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:3076
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
              2⤵
                PID:4664
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                2⤵
                  PID:2056
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
                  2⤵
                    PID:1252
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3384
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
                    2⤵
                      PID:5100
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1
                      2⤵
                        PID:4004
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
                        2⤵
                          PID:220
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
                          2⤵
                            PID:628
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3164 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1756
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:316
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3992
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2848

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                a8e767fd33edd97d306efb6905f93252

                                SHA1

                                a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

                                SHA256

                                c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

                                SHA512

                                07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                439b5e04ca18c7fb02cf406e6eb24167

                                SHA1

                                e0c5bb6216903934726e3570b7d63295b9d28987

                                SHA256

                                247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

                                SHA512

                                d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                216B

                                MD5

                                cb054b7279f043fadd1ae23724b75955

                                SHA1

                                a908e10633faefdfce332906905bf71d9e84bbaf

                                SHA256

                                2e0fbf39866793bea3930728f2088f4615c443a4c9bc1b428e98fdf5f85b37ac

                                SHA512

                                562a52c573845d9c2a9b833bcc82f945ca929d4f0f333f95dbd2dd06bf7d5ef0158cd44172ec17b129373856cd6da3f999ddddc310d0c7dc1fade85662650503

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                2KB

                                MD5

                                8338ff0ec2bf33ce8bf7ac52c1949914

                                SHA1

                                08859266167cfc0ee96bca901b43a378088a15b8

                                SHA256

                                205eebb39c8b3e46b3b16d5bcdb07a57ab08b97de0728f64802244cbd08128aa

                                SHA512

                                3fb902a75ea5f05138f2bbb55aa067fe5670cdcf283b9c6cc545360908027da32d908e55cf2e63e897b28738fea52652590f2b61e3996ebb0a705c84357b33f6

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                2KB

                                MD5

                                f941bdaa55fcd68531fe10b61343bc75

                                SHA1

                                7c736d8791ba6bd96e5562688e3606b382e6c48c

                                SHA256

                                a10007ecb09bc3b75fbc411a434db42430ecc78b4b92854c321a1d8edf739017

                                SHA512

                                6793510cb24bc45a5e543412cc609c9c075d86d7a24b8a6be35a06f5a153457159183f9f9412be76ce25482f0d969a140d18a9f0a0bd4facd310c1a68d253e3d

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                b2b9d96e6fce3e17ff75549af9ad8844

                                SHA1

                                1c71eded6e506f80cb9482a8c38fb9afec02f88b

                                SHA256

                                cebb0c7c1c370f892dd526a93cbe0449ff3cfe39ff2f9714f6233b1f710af390

                                SHA512

                                7951652d519c2ccebb3a729e1f3fb326269fbb5aca380eb4e2b8e66a387101294059f120cac992323d6ff681d290a2b7f779cb37008d0c1ab2c82d46ce2c9f9b

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                7KB

                                MD5

                                49335b2430f58dee5dae4b1c41d1ece5

                                SHA1

                                f91a36a78fedbc2fe7e5607b79a53b028b6395b0

                                SHA256

                                8af53a672f6805c313f92ac8aafbe8060190b4b8e4cdac3965597872502f23a1

                                SHA512

                                80e443c73a14346d8a4d6f19e3e9840c448997b02dcedd37e8787e3ca76c7c3153c0d3c81a413dd68560090e66f27c76be6ac1bbb13a2941189da6e045deecaf

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d3f78543-e9cd-405f-aff3-d10210a98f9d.tmp
                                Filesize

                                7KB

                                MD5

                                14a7ba6552bfb1e97b029f226ccf70cd

                                SHA1

                                6df26e0749107e32d9dee0eafb9d95e8de2918ea

                                SHA256

                                f6cc60b3ea3ce2065a216662b812bc293ce9d23d06a9e7f557653e84c337271e

                                SHA512

                                7c5730f268fd2b3ee868f9e93d0d626d7934e5d61122cbfd0e8e0b1e6176285770ccdb61fcdd64deaa4918d63fe53d8252c0597ee1db1e9aac8fba44be7b10b4

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                46295cac801e5d4857d09837238a6394

                                SHA1

                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                SHA256

                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                SHA512

                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                206702161f94c5cd39fadd03f4014d98

                                SHA1

                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                SHA256

                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                SHA512

                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                0a608ce16aba574b656518baf4c79c8c

                                SHA1

                                30fa1571889d56c31ae48e15dfdcf0b4ba4f6827

                                SHA256

                                665f589f029f9aa5eedd3d008fd800587cbab55e9efa6c6cd2f62ebedfde1104

                                SHA512

                                95116a5594ac537602cf1365b0ecf30b7b9585726fc31db6e45f4e90f80ba9fe08148c3ad0d9a35ce6e214fd84990b54717fbea195c5667a95fcfc9dd73d275a

                                Download Submit
                              • \??\pipe\LOCAL\crashpad_2552_AMATZOCUTHDCUOWS
                                MD5

                                d41d8cd98f00b204e9800998ecf8427e

                                SHA1

                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                SHA256

                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                SHA512

                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                Download Submit