Overview

overview

6

Static

static

1

56ce1e129a...8.html

windows7-x64

6

56ce1e129a...8.html

windows10-2004-x64

6

Analysis

  • max time kernel
    145s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-05-2024 21:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56ce1e129af1e3d02293e6eeb7c565a8_JaffaCakes118.html

  • Size

    35KB

  • MD5

    56ce1e129af1e3d02293e6eeb7c565a8

  • SHA1

    fa9ee962434e602f2c50c167d5ea2c689fe01812

  • SHA256

    e0fd6803665eeb47c207f72b7d521ef5ecc81d4fb1b774473f9f8f079377c235

  • SHA512

    8ce42f468ced090102aa306d96553bb6c7368eebf22ca131dfe646604e64de96015c3169cadec97538f049bd8a66dbaf4b120d608694a6aa43d4c92722d2d72f

  • SSDEEP

    384:+BcTMwiARijKDtoChOy4xxUvL3bF78AJA36EPyBd5g8+vGNAJZADwNIAQPEA9Ass:8cYwiAsQAxUDrZK5Of5RHCTf4x2TD

Score
6/10
motwphishing

Malware Config

Signatures

  • Mark of the Web detected: This indicates that the page was originally saved or cloned. 19 IoCs
    phishingmotw
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\56ce1e129af1e3d02293e6eeb7c565a8_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2596
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8e0146f8,0x7ffe8e014708,0x7ffe8e014718
      2⤵
        PID:2748
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        2⤵
          PID:2368
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1468
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
          2⤵
            PID:3492
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:1736
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
              2⤵
                PID:4216
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
                2⤵
                  PID:116
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4320
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
                  2⤵
                    PID:4704
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                    2⤵
                      PID:4340
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                      2⤵
                        PID:436
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
                        2⤵
                          PID:3248
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7439167146396309830,994982047149055183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3056
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2720
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3240

                          Network

                          MITRE ATT&CK Matrix ATT&CK v13

                          Initial Access

                          Execution

                          Persistence

                          Privilege Escalation

                          Defense Evasion

                          Credential Access

                          Discovery

                          Query Registry

                          1
                          T1012

                          System Information Discovery

                          1
                          T1082

                          Lateral Movement

                          Collection

                          Exfiltration

                          Command and Control

                          Impact

                          Resource Development

                          Reconnaissance

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            56641592f6e69f5f5fb06f2319384490

                            SHA1

                            6a86be42e2c6d26b7830ad9f4e2627995fd91069

                            SHA256

                            02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

                            SHA512

                            c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            612a6c4247ef652299b376221c984213

                            SHA1

                            d306f3b16bde39708aa862aee372345feb559750

                            SHA256

                            9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

                            SHA512

                            34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            309B

                            MD5

                            241b2bc9e4ada6b3e00b248c9fb5e708

                            SHA1

                            cd7447b89209742f29aa665bb1ddaa0b7809e945

                            SHA256

                            90829f4281d1ad4162227a7a528be8d25462a6ee5ac2f7890b90c8007a1fa767

                            SHA512

                            48c8cdad9c25f6d859f276a9ff0f8d17afdca078d4535ef1c287075024a25e58668e3a27591c467ea9d0341edb5f19bd0076837f1ca02c01e5dd3eaa432f0992

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            16ea41e8e5db393cf3878f9cad2c496d

                            SHA1

                            aecd6642f9c96363618d6e9ae1136df5e04be447

                            SHA256

                            03a54d6991c4fe242b56c2290177c789a9d4688ddda875ceef677766a2e2db87

                            SHA512

                            e78c716fbbb1fd4bc7920d37d803aa5b35ed2f1d3f3a4def049bc58686419b95d60a8cf6ea46435fec16c57b4127d02131b404e47c99379ef3d991ef2300ba4f

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            62f1e51b317b758e19a97f9e0b1cad4c

                            SHA1

                            234665e677f5217dc6323ec95e86a07d8376677f

                            SHA256

                            9925106442ca2f6269b3640c49ddb46a1cb74106947781bdc68e0b9c21370f7a

                            SHA512

                            826b690ab9df707e02b7b9af33b9dffc68cc0482c0773e3a770ccc2dd8a856f1592db3cff03b8307c81bb6a0dcb6175042e30f6693036c6dbcd74a2e6ea75f62

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            02e7c079b4e4481a46ec375cd338daf7

                            SHA1

                            7042275d0a9e7dfcab1c72d364706f297a593491

                            SHA256

                            6f2229955be4e30f337a3b2a1924923a6829f2b4f3896ca4bd44e33e2c728995

                            SHA512

                            26eac9bd70ff0f8e5c7ba093a14f5700dd2ca7fe50991959d87035aceadc30c1cf0b84ace89fbf6db4401be0fdb3970cec370a79d4abd8c3af8dc8c4133707c3

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            280601852ce5a217143d12dd6085dbe5

                            SHA1

                            f24de8447663c0c30ffb608a902a5af150f13b93

                            SHA256

                            5e863ca35a8a505fb3d0ee6f84f76c5293a73075a30cf939f5ee4749867e13e8

                            SHA512

                            ec0063c16aff8f1835e4f329ef2fcc5646a8c5cea2818e2078727b69a8d1af69505d4d43c7edc5ba5ffc4a43bbd1b4f6418832fc7172602f0c246773b438235d

                            Download Submit