Overview

overview

1

Static

static

1

5157b2174b...8.html

windows7-x64

1

5157b2174b...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/05/2024, 20:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5157b2174b318d26e5995957ddc1983f_JaffaCakes118.html

  • Size

    143KB

  • MD5

    5157b2174b318d26e5995957ddc1983f

  • SHA1

    7474670e751ab1197d39d62233b526ce08f08646

  • SHA256

    0d61a6aadd984d4ce3cd927c7c404c80f5c0120b436238b393a0cc4c73aaadce

  • SHA512

    d854bc29dd3bfedce7ae8d979cc7bdf0acdf868c042cfac6c46b23f9c0493a72d4be5ac3988bb13d9cde9e84eab375b50e502628b36e86d6989257d0c17dc1d8

  • SSDEEP

    1536:SMZNUovF04PLx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:SWvbzx7dyfkMY+BES09JXAnyrZalI+YQ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5157b2174b318d26e5995957ddc1983f_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3680
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb2aa46f8,0x7ffbb2aa4708,0x7ffbb2aa4718
      2⤵
        PID:3864
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7787603597850687406,12377235075346678741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        2⤵
          PID:2492
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,7787603597850687406,12377235075346678741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2936
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,7787603597850687406,12377235075346678741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
          2⤵
            PID:540
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7787603597850687406,12377235075346678741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
            2⤵
              PID:4404
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7787603597850687406,12377235075346678741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
              2⤵
                PID:3412
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7787603597850687406,12377235075346678741,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:924
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:4676
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:3172

                Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        56641592f6e69f5f5fb06f2319384490

                        SHA1

                        6a86be42e2c6d26b7830ad9f4e2627995fd91069

                        SHA256

                        02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

                        SHA512

                        c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        612a6c4247ef652299b376221c984213

                        SHA1

                        d306f3b16bde39708aa862aee372345feb559750

                        SHA256

                        9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

                        SHA512

                        34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        5KB

                        MD5

                        3f332c488e7fd09b502c76acec1d4b42

                        SHA1

                        ce676ef135b57388353317f6f090d1479eaeec95

                        SHA256

                        81a91fb76afc8105c4a504208a501bc9740be90a555029437044877b4474d0c3

                        SHA512

                        28bc72346ddee94eb23715a95154a7c1508e82f45b4169339d6f0075dcf87cf5ec46d6156c28e7dd668ed5ebb5416cb21709404159d26f16109beda2011f5d18

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        6KB

                        MD5

                        1325169528a7061ddffbcede6e506855

                        SHA1

                        c73a21d56c3fd951bda539224ddcc51ce5c1a460

                        SHA256

                        582fb5d73d67682668b4540eaebfac648727e2c80b630c8a4bae177a743cca75

                        SHA512

                        937f7055ef45d4aae23a9794ae51232f1b296a8110dbab30f2089fafe9acd090b0498f017bf1e1348a8c73a0f7aaa91f1fba360531d35c4d5794516cae7abea2

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                        Filesize

                        11KB

                        MD5

                        b0896b0cfa14a8d438420b57d0bb0866

                        SHA1

                        2349238dc80afe5596bad5918506e342dec8386d

                        SHA256

                        a0a0d757d147b9abd3f504d71ce3c14288928d855af1c77d3d222a8276cec42a

                        SHA512

                        8280f962a79a352d553cabc7cd51ea6a201551fb24c832c1fb8ce305d5600d818ff11c7c3d5e6678d7c50a947af6226bed241eda5afe4d887e8b7b3f6cbf83aa

                        Download Submit