Overview

overview

1

Static

static

1

6395fd23d8...8.html

windows7-x64

1

6395fd23d8...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 14:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6395fd23d83e909153c96ccb72c5e5e4_JaffaCakes118.html

  • Size

    23KB

  • MD5

    6395fd23d83e909153c96ccb72c5e5e4

  • SHA1

    c922ad5c315434b3c33fcb0efe5ec48ce6f6718f

  • SHA256

    3cfba226612a44da48e630eba8c0c4917b813c29e4006f4da667046e5895bd22

  • SHA512

    4a0fd1272b54b10e8febaa1d5aec52a031b36242a62c3550e929c3716311d4d04c31a03cefcb7382ea840e3e724a4f09c618768ee319f08b725b3b9e81b3f326

  • SSDEEP

    384:tgBEwCNUNq0cqZJa1ifKe6/PedBBIfR4boWT6ubBIc9iVyZiiUy21EKo165fKV9u:trwCGc0NAeBB6FTUgUcEKAw9HiO

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6395fd23d83e909153c96ccb72c5e5e4_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1448
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a1dd46f8,0x7ff9a1dd4708,0x7ff9a1dd4718
      2⤵
        PID:5108
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:3556
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2708
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
          2⤵
            PID:4016
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
            2⤵
              PID:4568
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
              2⤵
                PID:3372
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
                2⤵
                  PID:1872
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3580
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
                  2⤵
                    PID:3552
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
                    2⤵
                      PID:1340
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                      2⤵
                        PID:1652
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
                        2⤵
                          PID:3604
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17848272499197923000,11439975214390862386,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4124
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2584
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:516

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                            Filesize

                            330B

                            MD5

                            f9fe9314010650836c14a5d38dbdda05

                            SHA1

                            209fae3846b082e881d980897faaa3efe19ab70b

                            SHA256

                            5763828b8aed19c24abe03595fb8a362e185dff01873e2abd9044161f3e235a3

                            SHA512

                            7f828e6df8f5b77e260aa4097a13770ea89c099ede5321edbfac7273691764cc0e7cc1e161591addb02a54a56c9673966ff4e7fb8eeabf571b9ac5ea036e5c55

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            537815e7cc5c694912ac0308147852e4

                            SHA1

                            2ccdd9d9dc637db5462fe8119c0df261146c363c

                            SHA256

                            b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

                            SHA512

                            63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            8b167567021ccb1a9fdf073fa9112ef0

                            SHA1

                            3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

                            SHA256

                            26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

                            SHA512

                            726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            334B

                            MD5

                            df488ea549a62f373be30dba34ce644d

                            SHA1

                            72c46b27af9d5e43ab69307a35c53d4a8789aba7

                            SHA256

                            bc22a22a7df360d61b3b2a43a2d2a51f3668c5aa248e258e209ecd9d80d9ca28

                            SHA512

                            ddac3a144578235124bce9798c476c989835fc2358a59a0a13c89f51220251cd6fa2f686ab43965589d01c203ce5ce3192845ccdf836d050f2e8bd7928ea3125

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            7eb7f24b75226bc0fd3e22d4ba85c88f

                            SHA1

                            e5f59c9c0e02abbf8b9b1403d0096bfb60ba24e0

                            SHA256

                            2efd1ec84e379cb12ed7b55ef926ae5057a162fb100bcbcd809172321e70ec32

                            SHA512

                            9dbd4282fbd00f8e5b94ffb3c49771e5eb52684a4bde5ed7cea6b291b15a62f8eed3d25970da538f887067f2da282a74d959d75c1847ecc43fc04e1b7304e2e8

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            c25bc3f8b1d3cb95235a8d527cf2f306

                            SHA1

                            27ce229a848cfcc29376f33893d276ae1cdcf1f3

                            SHA256

                            b3402c40a4698f2bb9b8c9aa3e10accf2d0e23a680fa2642a323e1f3d593517c

                            SHA512

                            e3f5df20d3d2f00d63cb22dcb4e2d4d570283e4b4d7e997fc94b78e25bba1f862574406f88199a7eebacef3dd6d030f9cdabc7f761caa5c87f72c6961c25f696

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            0b4e8a9023950486122b946e42f7bb39

                            SHA1

                            20237723063e96ca4b213f3988032715f986ab5d

                            SHA256

                            b856fe9a3490b20e0c2f9497f33039b112ef36c8055af3e4a266945c7a64a0dd

                            SHA512

                            b53ca496949282ed584f1780daf50bb298dc3125a465efb616757f00a796382a6edeb29e7c5e3e5b89ac9d40c53681a87d986ab274cec7043bff03280c172fba

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            8cb256f416ecfa27d134d378f5c44a40

                            SHA1

                            3d7cbd55639d9c4eb647d45888f79281c819c3a1

                            SHA256

                            102a5966d47f5845b13b564aed6ec2c26e440dac5085931bba3b1a127e98d850

                            SHA512

                            c4aff53a5f437c4d9247f00a0d5affa9750ca60d15299abe505cd0746734b377ed4a4780cd89fc14e9137af9cb3531fb1ce6c389f39623fb0115d845fca9af27

                            Download Submit

                          • \??\pipe\LOCAL\crashpad_1448_KPQVLHMIYAVRFYBB
                            MD5

                            d41d8cd98f00b204e9800998ecf8427e

                            SHA1

                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                            SHA256

                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                            SHA512

                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                            Download Submit