Overview

overview

1

Static

static

1

4cb5f7b935...8.html

windows7-x64

1

4cb5f7b935...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/05/2024, 19:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4cb5f7b935c5ebcd612df7ba96e5bfb1_JaffaCakes118.html

  • Size

    175KB

  • MD5

    4cb5f7b935c5ebcd612df7ba96e5bfb1

  • SHA1

    391e0b19ad2fdcf30891924c625da892e33d124d

  • SHA256

    8dd26ae9ead0edada93e26595c0e0666c480ca28a7caa986a60aba67e32c9bbf

  • SHA512

    ea550bf1ae244eb1ca93b444f574f64078f46c0d5b286062bbd5c2761229cd66292bd2e072f6258a5a131a2f687355082df7131ba028436686d8764b4757e234

  • SSDEEP

    1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3XGNkFuYfBCJisB+aeTH+WK/Lf1/hmnVSV:SOoT3X/FHBCJidm

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4cb5f7b935c5ebcd612df7ba96e5bfb1_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc76fa46f8,0x7ffc76fa4708,0x7ffc76fa4718
      2⤵
        PID:3752
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        2⤵
          PID:4216
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3312
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
          2⤵
            PID:3756
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
            2⤵
              PID:3220
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
              2⤵
                PID:1124
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
                2⤵
                  PID:1960
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
                  2⤵
                    PID:3708
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                    2⤵
                      PID:4448
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                      2⤵
                        PID:4920
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 /prefetch:8
                        2⤵
                          PID:4408
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3396
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                          2⤵
                            PID:4324
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
                            2⤵
                              PID:2444
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
                              2⤵
                                PID:4056
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
                                2⤵
                                  PID:808
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2728535709469787934,5498930780848172678,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3004 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5588
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3160
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1132
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3788

                                    Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            537815e7cc5c694912ac0308147852e4

                                            SHA1

                                            2ccdd9d9dc637db5462fe8119c0df261146c363c

                                            SHA256

                                            b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

                                            SHA512

                                            63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            8b167567021ccb1a9fdf073fa9112ef0

                                            SHA1

                                            3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

                                            SHA256

                                            26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

                                            SHA512

                                            726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            456B

                                            MD5

                                            c405a7c9d45955c0d99d04da1b2953c4

                                            SHA1

                                            bb7a4cafcaea2821ea0dde746e716162597a0d81

                                            SHA256

                                            c4d62fc413f87fbfdddbb25268e7fab3f08286aa2bc133df9d3c78e9f6d096a4

                                            SHA512

                                            772a416908cce26864b52c859d314f652f3985754365630766d53a84bfb2694f672665ff5e1a0bae31308650b03ce970490a30f1ca06db5bb74acdf6ad3658a6

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            2KB

                                            MD5

                                            ffd31c70b821e6e46175b12c45fb6817

                                            SHA1

                                            c3815c6d5418f6e7b29dce472be91c5eb5c90606

                                            SHA256

                                            8b089ec0ab638dba77151025ce5df4862f261c8e71d9db75f1c655b2fc4b6f58

                                            SHA512

                                            06dfc5dd1594ec6e3f5490a5d2a0565334ca3306ab55df3c321ae991f9cc59f024f6c21a6e2b7d0f23e00fc4ea78190ca5014db444fd63667908ff8c690d383b

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            2KB

                                            MD5

                                            1bc8bb72351969d2ed98669df714774e

                                            SHA1

                                            ca3bdd89f6194e5889852537835c25609cb160d5

                                            SHA256

                                            1f294558d259732c7899fcddc9360fc1130ed997fa708c0cc4ead8dd674c503e

                                            SHA512

                                            6b57da8c199dcb4c9e9552e1e8a0c7c3a136dd7f5403173d332b47bdab8730c4d370ef710d4ac11038667928d94bcdb196b59d545ade5cdd6a60017fe2b5c21a

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            5KB

                                            MD5

                                            08266e3c019746e64a4a2951816f664c

                                            SHA1

                                            50d4473b5d3b6aabd46834bc45f652080ff24c53

                                            SHA256

                                            690ee7ba5e8ed5015cadfdb2ae21552ffc2db57e072169c00ac6bbf034301446

                                            SHA512

                                            87a8df7344e8bb4d94d955d45c1e2e6de25862405f20847ae248949e90f0eb55532c80d66764f0512230054008995f513d97de9b7de8e1a4d164701de7fa4011

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            7KB

                                            MD5

                                            66a61785a5da04040b221741497cc27b

                                            SHA1

                                            2a6a776a1929c55491ceffc42f1656289cbc037e

                                            SHA256

                                            d40071f2b57b1963ace2f9823c30f70b3a899d4cac184148a5c47a36dee17cfe

                                            SHA512

                                            9828758ed68da2b2fa67b7a44e834a352556e53ff3ea63b63e0b78b9f3fcd24a0cdcd9331d02a3d97826ebb5b2f3cc65f1501f73425697e9781972f7eb7886bd

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            6752a1d65b201c13b62ea44016eb221f

                                            SHA1

                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                            SHA256

                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                            SHA512

                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            11KB

                                            MD5

                                            c80eb5d16e14182acb15037c986bb61e

                                            SHA1

                                            580e7fc5cdff9aef9927f6cc723d1cc0352dc996

                                            SHA256

                                            64b0baa0f4317ac4e63968c0dc08b7aefbe7eee3ce6929097a42370bce753e31

                                            SHA512

                                            4d15d39fdc55ea98310f6bcbc59de7d0bbf5664d3bea5ed60f4df34cb8a3cdc5fa06d525fdd7b27f671910f8f33c60cf3dd6ba64464df56f27688863d4bf6d25

                                            Download Submit