Overview

overview

1

Static

static

1

65d33c69d0...8.html

windows7-x64

1

65d33c69d0...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 03:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65d33c69d03cfa505650e491b8b68136_JaffaCakes118.html

  • Size

    251KB

  • MD5

    65d33c69d03cfa505650e491b8b68136

  • SHA1

    73d1a64cd484e38d4a416a17182e780b2fa958a7

  • SHA256

    9c5b1e8918694bf15ac29a47140a66252b82e7877317fd09d1588646f7e84639

  • SHA512

    96ef18f362cbf8f3d04609e1b7432c8f6462c8b0f3fe42da4502af19f6d595be44d3445aad240462b2428b9facd3446512cbcf10ade49703410c68db7b20917c

  • SSDEEP

    3072:NUSD/GaJHzi3mCPZkweh8FPIKCG6HyUtCu3qAcZfySLl/H/KhMXXg6Wc3H++p7lU:LD/G8e31BkmPpv6HyUtCu8TX4T

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65d33c69d03cfa505650e491b8b68136_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db4718
      2⤵
        PID:3740
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        2⤵
          PID:4232
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1612
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
          2⤵
            PID:3412
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
            2⤵
              PID:608
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
              2⤵
                PID:3520
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
                2⤵
                  PID:4636
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
                  2⤵
                    PID:3224
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
                    2⤵
                      PID:4640
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
                      2⤵
                        PID:400
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
                        2⤵
                          PID:4980
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
                          2⤵
                            PID:1904
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1300
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                            2⤵
                              PID:1240
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
                              2⤵
                                PID:1644
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                                2⤵
                                  PID:1628
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
                                  2⤵
                                    PID:3248
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15990140002534917739,6797215587814447572,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4336
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4928
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2360

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      ce4c898f8fc7601e2fbc252fdadb5115

                                      SHA1

                                      01bf06badc5da353e539c7c07527d30dccc55a91

                                      SHA256

                                      bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                                      SHA512

                                      80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      4158365912175436289496136e7912c2

                                      SHA1

                                      813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                                      SHA256

                                      354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                                      SHA512

                                      74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                      Filesize

                                      40KB

                                      MD5

                                      5ce7bdeeea547dc5e395554f1de0b179

                                      SHA1

                                      3dba53fa4da7c828a468d17abc09b265b664078a

                                      SHA256

                                      675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

                                      SHA512

                                      0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      240B

                                      MD5

                                      8bc76db655d8411b77f8df7bfdeda48e

                                      SHA1

                                      fbffb57a22df003e855ad0262de19915a3ae4cfa

                                      SHA256

                                      3caa990de3e0a5fdbc768205980d0877a96639fee20c880873b805c05f26e5ef

                                      SHA512

                                      d9224da3e5c7a398415a000a7ddfa7bcc2f11a190d1f0630d3acda4c57d425bb0a14426275e42889ceb5a3ce22a685578ca29ad763055dc89c2e6cb06f2ffc06

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      216B

                                      MD5

                                      6a3625ec3a1846a0bd7e130bde4df405

                                      SHA1

                                      1d3536c486566024fee7a2a0068c930348a4a376

                                      SHA256

                                      e68c839a1e9aae13dc39ced76853912376f8f711b1b08e417ee6182374064f40

                                      SHA512

                                      638c0acd1c6069460afbae58c4a1c13a6032ce02b1a088642857724cef65c4c126dbd2c2f1e6403c7ce7f2b1ecdd9ed06eae32bf9c1a9f6a71f8d5cb31b581b6

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      3KB

                                      MD5

                                      ad74caea1264f1c6b1b54b3cdb543788

                                      SHA1

                                      8386afa90bdbf2b49dc8466545c4be38c99d619c

                                      SHA256

                                      cbac462b45a1fc9930bc1a5bb97d3071a859d917fe3060b09e211c29b4d87805

                                      SHA512

                                      9e32c6979b13b8ed7d1670ba582dcfed70c84099a4387c1391ebe0b8408180b47d3f5cc5f0e4779623dfb36a251afa98f9d6f8b61436ecc876865a56bc929dbf

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      3KB

                                      MD5

                                      c393f4cc5b3319067590799389ce7641

                                      SHA1

                                      d788785495f724b4eb2e9769e0584093f105f9cd

                                      SHA256

                                      86ebda0899ce399e71010378c3ea1c7b5f86023ba7e5b1e73582e35d370e3487

                                      SHA512

                                      cef6ab4919b44907e30396323510ca3def35aeb0e5952e3d6ce4a70ec8985ac3d7882b07cb89c0ffec5d5eed899c0a23909f6bddf8254a50a17fe9c6c8eac516

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      d942a17da8330671213e96fc0dbbf7bb

                                      SHA1

                                      0e98de02e28815a9926173222c8c2f6fcccce96d

                                      SHA256

                                      8924856e1e7be7141f31ed5bb1a0b2590a751bfac49af2228b12e37e1aebe993

                                      SHA512

                                      84f0b9d82fe9163649c46cf65d1334066494a995ae2132759a18a4ff1267be3ea95e3546ab530cbc0f8c27a434fbb25714d20cb84f6f9519b648ba1d93822755

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      8KB

                                      MD5

                                      a8a67c9a85656fcdc698e6907914b0af

                                      SHA1

                                      d2c876549651e26428aba4b2ce379e77f6a6ee03

                                      SHA256

                                      f59f412f1cd3f86fcec2c39224fc813f261038b7fdb9f50b08408a30dcbda237

                                      SHA512

                                      bcbd07ce8a206de9ae3fbfd01cd4af37ab347d84fabc6071a870e0d9fcd2b5dcfb8ee3e4e065779677dcb4728b8c67c66500dba97ee7496505b99316562e18d8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      7c833e4ddc1466f7faefe8a5396bf9be

                                      SHA1

                                      bb2b0e40048ea38cd4d04cd12d8064a651bdfbfe

                                      SHA256

                                      b240706f3488734a74984d635518a0ce073f4c39134dc4d9774a80c94b877082

                                      SHA512

                                      f255a876f031490a48700163ebf5274514df24517bdb9199a4b15c6c0208ab8ccbbebb496545a69f4b9e21cc5da90f7b01a92f37dd2c9a071533740a1a257af3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      8KB

                                      MD5

                                      21de0714bd94a7232898f7b7c158c1fa

                                      SHA1

                                      a2fabe8d20ebd3409bf0d74c331c144807a667a3

                                      SHA256

                                      270fc42c90d7e59cdef2a139a4499b96ab705505b3600f5ab75bfc73dee7f1b3

                                      SHA512

                                      b7bf5fe3d9adbce99a467104710c49346b16924284c462c98ca6c1a80c1e5ca0ece1c7a43bdb284dfe78a8ff062e21344bcbed0b21566bd927fe523de3cfc809

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      30ebe447e786ee6773cd8fa1a861d6f7

                                      SHA1

                                      be46884bb95d5221a991b8f976497efb8d4b3d21

                                      SHA256

                                      42583822efd274cba48855d7f57e87387d4a9ac4b76a1818424a0bca66f5de6c

                                      SHA512

                                      f7948540b8722caef736b98efbffdb9084ab8008fe2b8aa0b22b21a5e2f5618f4f63c1ac5861a6ee2ad34f6fe3ec8c058e79e64e769c9b39db402525bb5df9e1

                                      Download Submit

                                    • \??\pipe\LOCAL\crashpad_1896_YQXRXLZLBHJZUUVR
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit