Overview

overview

1

Static

static

1

3914508de4...8.html

windows7-x64

1

3914508de4...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2024, 08:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3914508de41ca74dcc37eda035aeb708_JaffaCakes118.html

  • Size

    17KB

  • MD5

    3914508de41ca74dcc37eda035aeb708

  • SHA1

    5b62d13efe3ec1795728985d5ab49d264b9ba424

  • SHA256

    6c395de9d6528973115dfa5f86e42ef10f14e54311f370e89b1e6174f6862386

  • SHA512

    fafcf850f71a277b812d2db028870876b5c2946d1d9c9f237bc73796ae01681504af8da85ca35e1c4c6bcba992c40fc92e29ab7b22dd8b6ec5fe26553e09d946

  • SSDEEP

    192:SIxn+1SsxT28okXeJapeM8yk44ltgBHGA1poNS/qPBdQYWnb0qc:SIoxT2AuJaKyk4I8poN2mrQYqbLc

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3914508de41ca74dcc37eda035aeb708_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb683946f8,0x7ffb68394708,0x7ffb68394718
      2⤵
        PID:2732
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,11418412943590618254,13912074259906801915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
        2⤵
          PID:316
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,11418412943590618254,13912074259906801915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:996
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,11418412943590618254,13912074259906801915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
          2⤵
            PID:3636
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11418412943590618254,13912074259906801915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
            2⤵
              PID:2896
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11418412943590618254,13912074259906801915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
              2⤵
                PID:2244
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,11418412943590618254,13912074259906801915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4336
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:2736
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:2912

                Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        4b4f91fa1b362ba5341ecb2836438dea

                        SHA1

                        9561f5aabed742404d455da735259a2c6781fa07

                        SHA256

                        d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

                        SHA512

                        fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        eaa3db555ab5bc0cb364826204aad3f0

                        SHA1

                        a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

                        SHA256

                        ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

                        SHA512

                        e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        6KB

                        MD5

                        8057a1096897ae26ab906c3fc1390bf4

                        SHA1

                        4d3dfd8835596ab304d0817039a1a663a890349b

                        SHA256

                        faa8aaad6ad4a1e3b6812ef6f174bffd9b26b175458c4997ab87003821de6e34

                        SHA512

                        498592e61cab06087003f88c1fb226c977dda2e77ccd2a4495864c664d5bb06f0c77f1232b15f5a249be69bb38b36663ad416d3cfca8e4cc0319849472070cd7

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        6KB

                        MD5

                        a9391f09c516ffb75adaeb16f2faf27a

                        SHA1

                        f21308c2193a73ae1cef2b6b2d21cdc2757a0d30

                        SHA256

                        c7409fcdbb8945f733a352d350c10663ec3c143a0aab2b5f55cd7ea78f67b09f

                        SHA512

                        1bc980d1bb085eef0970da31323c1fdee37f725f804ac7f64fd90d1d7aa422ebd6e0bbab30a68ac69c1ff0dc90d0d66d31c29e08dc63a8be071d7fd960f8cad6

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                        Filesize

                        11KB

                        MD5

                        65b97b217529a6d354943f6b91e7d4b2

                        SHA1

                        a0a1e798b9b8dfacc464dae42a6ff240267e7410

                        SHA256

                        0a1a2a0fa42bc2e76f5edea4638b0c6522ee3bdb98dd2f03c644fa93851306df

                        SHA512

                        33634b15c0f148a5531d8b4212197585ba36a982317c3053aba6498ff76acf90ba7e18910e4a85e4b0250dad995b61c872a3a5b6982ac927832c3cfe110b4ae4

                        Download Submit