Overview

overview

1

Static

static

1

42fbc4aeac...8.html

windows7-x64

1

42fbc4aeac...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-05-2024 20:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42fbc4aeacf6ec16c6be60a0086e85aa_JaffaCakes118.html

  • Size

    31KB

  • MD5

    42fbc4aeacf6ec16c6be60a0086e85aa

  • SHA1

    d8078c2015496d5ecb8398ed65d837bdeba1cc2c

  • SHA256

    f2cae50c9ea7ae1dc5706376c08ac7724046ebf4af888add9aa929b5f77b5af0

  • SHA512

    fd117e4b4a665705cca6d38b3d316c151449b857946871cd22d0dcb664b08db88f4efa9e079226a15362379d2a0001e59471d9ba3dfaf7df45240bbdd4508cd9

  • SSDEEP

    384:SIDRxAf6jIBky1AIBIIII4Bjy7JEDbvHIXkT3nYNA+B8FqXZES4IApENE60uu:S4vjIGdjy7v6oN1BWg4IC60Z

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\42fbc4aeacf6ec16c6be60a0086e85aa_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:372
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718
      2⤵
        PID:968
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
        2⤵
          PID:4824
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2012
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
          2⤵
            PID:4904
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
            2⤵
              PID:5008
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              2⤵
                PID:2124
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
                2⤵
                  PID:3444
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
                  2⤵
                    PID:4688
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
                    2⤵
                      PID:3064
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
                      2⤵
                        PID:2476
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7480 /prefetch:8
                        2⤵
                          PID:5056
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7480 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2772
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
                          2⤵
                            PID:1948
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
                            2⤵
                              PID:3452
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
                              2⤵
                                PID:1080
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
                                2⤵
                                  PID:4408
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8182056425263275458,14783294896823086862,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6300 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3588
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3420
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2964

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    ce4c898f8fc7601e2fbc252fdadb5115

                                    SHA1

                                    01bf06badc5da353e539c7c07527d30dccc55a91

                                    SHA256

                                    bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                                    SHA512

                                    80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    4158365912175436289496136e7912c2

                                    SHA1

                                    813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                                    SHA256

                                    354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                                    SHA512

                                    74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    350B

                                    MD5

                                    d3f8315c17807a28c7efcd1f27870628

                                    SHA1

                                    dc86bf2bf8da8e99b2ea1a620b3f6a27cee36fe9

                                    SHA256

                                    c00a7f6dcae64e58f4f310ac394a18e212d8ee39509f4d002e808789df7ed1fd

                                    SHA512

                                    0dedc5a41a0bb59ee4f8f0b90737835c5d5099ab1e304a6b987cb831f0fcc8100e525e6a4f4c91f2a6d80fadfb06064b4aa92e71a8abfdffe818096fb9d9dc2d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    24bb3b8b0f8230c0cc3125487b445b8a

                                    SHA1

                                    d3afbf4dcf50701a88948e93937caa1ada727c25

                                    SHA256

                                    c460bdfa33b6663b3eb58f3eb10a16c7023c53a06627000682ffa83f73e7a5c0

                                    SHA512

                                    04f82c48687d79cba87a7ba9630b2ccd08b96c32a4b10a71102a2e959201dfdb8459237aa7aa57c6f83623be150f0b303442574b18a43399ec29b955503a7bcc

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    43ae4411ad2b82f78ae71702c9d01219

                                    SHA1

                                    19d63b92c5e94a56173568cf6e3e7bc563918343

                                    SHA256

                                    26b729d782ec0596bfec4a2d64fc9810b9ec5d01c3513d58d1ca4a3c9db29ce2

                                    SHA512

                                    d180c0c86d561c0c590b11db2827b88326ac3da66e0cfeb38348d8e49c9997b451939310e3602b9aa665a8d4d78ed6483c30c922941e5930e6f0c2aa9663f5fa

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    aa674557e40e78805e96c681f2f89b26

                                    SHA1

                                    5cbb1d5f0f17c9af8b747d10287e5de825d875fa

                                    SHA256

                                    94eeed71164f5762bbe62420e6c5a784f35dd81ebc656d06513953a8474edc64

                                    SHA512

                                    ed4c2c0a77078cf7d4eceb1ece63752fd1cfbc8ed67981f76a6fdd73ddc1d80c32a4a7ae2146d0e6230052437bf8f2f40add39d15cb6670c24332f66da9b7610

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    204B

                                    MD5

                                    b124b4b409a86adfcfdc63e853de346f

                                    SHA1

                                    69d930fa0a8c1d50c8b2f8137ffedf515383fd73

                                    SHA256

                                    59a139d56400cc08bb127d32cc3a19263cb96750a692d45ba176566ea5cedfb1

                                    SHA512

                                    c8d952867679b2db36d58d8e9a048c41f249984f9584d2cc97967900b2308c39fb58bccad43e67d776732dbb25fc240f7438891801715e86d7f81936f4eeb27c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c256.TMP
                                    Filesize

                                    204B

                                    MD5

                                    2264ac5ff0c127fb6cafae8ceb354a96

                                    SHA1

                                    15a7cbfe22bc4043edcd1a1885ec8063973a05d8

                                    SHA256

                                    35dc2c701d35c474d61c7b5339a35a220c47afa2df3f2183e45703e4f8e6c3f8

                                    SHA512

                                    d3ba2ba43f93472502cbbea916c8bebdca4cca311e7f243efa3491dd897accfd4496e130921dc8bf37abbb847c335332c43a7bf13fd02f5c920e7df81bee0a7c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    cbae7a9906af8c092d55cb616c195ccc

                                    SHA1

                                    a0fb5dd3a4228ee88f27e1c58b2f55ad2c1fade7

                                    SHA256

                                    35852d42267181d3174a4bdf3d80ca712fd32fb14093af3b5fd0ccbe92e0d748

                                    SHA512

                                    4b589b6e45962576a65b98c6f9ee0690169d21a1a8263186b38c4eeaf094d62a7d8f812519770b66585f06c04971ee6a434784ec1a96b670a5c52699fd2cea69

                                    Download Submit