Overview

overview

1

Static

static

1

68c26b4c72...8.html

windows7-x64

1

68c26b4c72...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 21:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68c26b4c72597f1164a6a5d6b79a83c0_JaffaCakes118.html

  • Size

    33KB

  • MD5

    68c26b4c72597f1164a6a5d6b79a83c0

  • SHA1

    f4a70e2a51a2f4e89a69d367feebe0b66e95fa27

  • SHA256

    8f6b0bf3a422951f60d6d4524aee4ad56747e31935c9218149c51d9a01dc7da4

  • SHA512

    431c8a0c9485386affd09563f81567784b167f29d954c054574a8ec4980fd5e0945c845bd997d1a6cd98444a2bd647a452110f278b12324470e265507233e204

  • SSDEEP

    768:tSaxmt1nXc6/7HSlCjI6VIn024aZzbj69mDiSreRGwNPkC496uO0:tSv1nXc6/7HSlCjI70UZbj69mDSK96ut

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68c26b4c72597f1164a6a5d6b79a83c0_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab30c46f8,0x7ffab30c4708,0x7ffab30c4718
      2⤵
        PID:1572
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:2580
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3220
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
          2⤵
            PID:3276
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:3944
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
              2⤵
                PID:1928
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                2⤵
                  PID:544
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
                  2⤵
                    PID:628
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                    2⤵
                      PID:5056
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
                      2⤵
                        PID:1948
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1864
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
                        2⤵
                          PID:3572
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
                          2⤵
                            PID:4596
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
                            2⤵
                              PID:4432
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
                              2⤵
                                PID:4352
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10168296892303656649,4394015814009732570,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3468 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4524
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4084
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4204

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  1ac52e2503cc26baee4322f02f5b8d9c

                                  SHA1

                                  38e0cee911f5f2a24888a64780ffdf6fa72207c8

                                  SHA256

                                  f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

                                  SHA512

                                  7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  b2a1398f937474c51a48b347387ee36a

                                  SHA1

                                  922a8567f09e68a04233e84e5919043034635949

                                  SHA256

                                  2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

                                  SHA512

                                  4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  240B

                                  MD5

                                  7fad167f0943aceb9d890c3121636857

                                  SHA1

                                  82bf35173d925c2df47a7e0e96af18249f520d73

                                  SHA256

                                  5074888258fda8047e75586d05ddf87fac97d2699cdc2d1179abae42c23301f4

                                  SHA512

                                  8d5e7f74cac7321d3a5d56366fcdc7fa7dcf8614fc5f28a7add3f413717558524a2ef3942fc382527030555bf7e87dbbd4d3eeca1ec0de5024804727b7471786

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  787B

                                  MD5

                                  6a39fa4c65ec244ec5022e9d03f08179

                                  SHA1

                                  d28f0fd1ded7e68ecd5bdd05bc64b7eddd0e5247

                                  SHA256

                                  6260d31b8e5e89183180918098ba8dfae31c42440a03c197e9d6ab5d3c14fa8b

                                  SHA512

                                  7a78d3471ba612b530bdab1622374b8f386cb9aefbf547f0c2052a9a1fe2027d9f93c1365d57611b9b5d3815a40e0458b732be916cdfeff9c7002ba72d881a32

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  f2c62f2c05f2f4691e347bca2059e3c7

                                  SHA1

                                  5fd7db8cb2e7956acc9e2cdb3fc52822495f2eee

                                  SHA256

                                  b085429a5e84d4215bedb24a0e35a6b2c5b7aed98dac8e5f7b7c874c34f72339

                                  SHA512

                                  aeacbc0f129bcce633d38495cb98b9715e4b7f7cf7a6808cf25f6086a6e1a12a0f55ca9457e40bd67efb1d69d6dc6f3b06c7b675931049524b229f1fb1fb729f

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  c60baeffa0428106f7b9db6113646989

                                  SHA1

                                  29b2555014f2f00699129743c56fbd947f36de38

                                  SHA256

                                  a3f6cc682409a9d4c7099d13b24e49295b80fb1e1a073b113d5f0bb853f9edbe

                                  SHA512

                                  8d74ee79236577b170bd7409434a8d33d848d9464a403ea79b3d876cf251a8673dd4705df2594c22255bddfb5e92df5205affe7e4ea5803550932835cf3a8032

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f8f73d20-7d64-40ee-be48-ac4bb0b05c81.tmp
                                  Filesize

                                  6KB

                                  MD5

                                  9f770cdb10f15a6aa5b2fb1cef1797fc

                                  SHA1

                                  84170ba564c257df4d865275987512d2ca99626f

                                  SHA256

                                  0465057ca7840ed5efb58bbc464df40539dee5078d208d25ed31e8c4f059c131

                                  SHA512

                                  258d7292d339b1c41432b72334a8937dc70834b8914c232d5cae362468929cb5b2323f60a46c8ad497f133075e973864ce114d5e9e2aac232e547df33d37ba2e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  bc6ffc179ea74de2a37b6b0870ef5a17

                                  SHA1

                                  98a76467d3be2953de4ca536d10c5990aa89cb47

                                  SHA256

                                  77e8fc0a58f2f17368f97fe06a0bf9be63d4c2ad50805bd011d2a646c6276676

                                  SHA512

                                  53b93dea3953030ca5ea317abe1ee148b67c2cdf49903a64db2fcf71a35e4c88caea8af1673ec059675f1514265669634a8749dd4fe10695b5cac9699f5db730

                                  Download Submit

                                • \??\pipe\LOCAL\crashpad_1612_ELUWXLSGSBDXYKCZ
                                  MD5

                                  d41d8cd98f00b204e9800998ecf8427e

                                  SHA1

                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                  SHA256

                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                  SHA512

                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                  Download Submit