Overview

overview

1

Static

static

1

6917061243...8.html

windows7-x64

1

6917061243...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6917061243cd9396c6878aeeaff09040_JaffaCakes118.html

  • Size

    28KB

  • MD5

    6917061243cd9396c6878aeeaff09040

  • SHA1

    3c5d665ffedbd0b5a8e213f884f8551377f8a496

  • SHA256

    cf913501d2d2f4f70163b0b1d02e092b78ceeaaad396425b1c555b8626b4a011

  • SHA512

    b4c5b5d0d66c638b2315dc2b3b83614168ced74e999d2b653e9c61c41a8772b74daa5e8f580a8ea44ab02549c1874b56061eb83f720d0a1e29e83754534801ab

  • SSDEEP

    768:S07Z0n1Fi4mzPB6CYGaSEjIyRqZ61hBCElS:S07Z0nri4mzPB6CYGaSEjIyRqgBCEk

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6917061243cd9396c6878aeeaff09040_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe401546f8,0x7ffe40154708,0x7ffe40154718
      2⤵
        PID:3988
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
        2⤵
          PID:3972
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3924
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
          2⤵
            PID:5076
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:4020
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:2220
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
                2⤵
                  PID:4824
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3980
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
                  2⤵
                    PID:524
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
                    2⤵
                      PID:3660
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                      2⤵
                        PID:3668
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
                        2⤵
                          PID:1380
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15099619951900374672,10014078076028217743,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:732
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2472
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4616

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            a8e767fd33edd97d306efb6905f93252

                            SHA1

                            a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

                            SHA256

                            c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

                            SHA512

                            07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            439b5e04ca18c7fb02cf406e6eb24167

                            SHA1

                            e0c5bb6216903934726e3570b7d63295b9d28987

                            SHA256

                            247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

                            SHA512

                            d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            416B

                            MD5

                            10b7a29e738fa4c3019f21bf767481bc

                            SHA1

                            7091117ff9af4eface7d2aaadcc1e441488c9964

                            SHA256

                            2e23cf7e1196c6e2d8cd2f5cc5267e979ba3e9bd95b0e5c0d8cb27c4bf62f8af

                            SHA512

                            a01d476454aedc50798a2bac40a77241f81df626175e661d17b8c1d9ff3233b19f332b428e048a78dc291b4bc8529b1ed654bc126df2c461ed2564818ca04d4a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            1db2844b1ca5bb42b759113d55e7f913

                            SHA1

                            d908124786191d962e57971ae16a914f8758878c

                            SHA256

                            de850e56337c2524cf6650bb235aa328de5e4d92819a7df2843fcbc8b4ad0365

                            SHA512

                            116ceada47f34f6ca37a0ad4d007eaeff4d3ade3529e4ed12b027eb8aed3a3475e68947ed4f718ed954832d28400d46150839241a16f33ba48f4fb8771bb8a37

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            0fe44394a9685fbedec1feff00565e5b

                            SHA1

                            353e7045d79cb3dc7d95da6e66cc82048ad5dff6

                            SHA256

                            a23766256339fb6fcdaede80a54b70e61a70d8755f0e53ba27b138e3e0f31369

                            SHA512

                            7d2b2689fcdb1135da58363f24ac0736a9757c68dfd52c9569de00495bfa8a14cdcf29d60b0a2272591c5c7161f87810022674feecb3a1ab65091e1dc13c43b0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            cc622d1e8e361026653ef3c878369173

                            SHA1

                            d9125de811ca8a3345be8963f7a375589d92900e

                            SHA256

                            0348e3a8a1d2a7f5d4ad936596db397050e5e1229257c48ce7301bc29185288b

                            SHA512

                            c3abc122bd2887a79aba2fe1f5a6d5e792a8ba0ed67b545f3341e288d9fda1262cae68ae2bd245c75783206ec04ffb3cddfacc7acde9066e5538380490b2708c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                            Filesize

                            537B

                            MD5

                            4e83b13f41a00bd80b05be31d0ebdbb5

                            SHA1

                            5cda7686be87c8e7e855c87a59a22f9b7c3eeec6

                            SHA256

                            6bf48a73924cef9bda23ea7e5e99db3fddcd00c7c580a884cd74e40405b08985

                            SHA512

                            070ae13bdc2edca763cfabedc28b266b43098a865eeceb121c3ce3a604e8e0b7dbaebdf51c19f8917e53b5658e7aa43ac3878b54f42fe8c9b6e5c81c1a1f5708

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580829.TMP
                            Filesize

                            203B

                            MD5

                            8aff207ecf78da9d86a608f2389ecbe8

                            SHA1

                            109841cea27a03988176d4e59dd09f49cd544dc2

                            SHA256

                            d290bdff29b6bc303e3cee04300f8e5992c9b7ef16ea673835a47a76411cb8af

                            SHA512

                            a17f82539089bc573d96a74f1994c2ab90e796c8e3f83b6c34486cd92dd1900e5be197145100b0fe444a3a761e377b2b2e4a84333b3e31bff960963558fe470b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            8abf33ec25bfbf5979b712d37dbf8900

                            SHA1

                            417cc55d4b3b62aec564a95b798334efa4372067

                            SHA256

                            e02bd999c4dfa3c874ea86d6ec30212731024725589afee30149132d2bd14e78

                            SHA512

                            abe6ed8d79d48808d762b782beed2046d4b593abce97725f16638c12d46637143c7de0f69fdf3ae83803116cc633d7ccbe4d1018d402ed853d248adfe8177f74

                            Download Submit

                          • \??\pipe\LOCAL\crashpad_1420_VPWRHNVFXBQJNIJO
                            MD5

                            d41d8cd98f00b204e9800998ecf8427e

                            SHA1

                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                            SHA256

                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                            SHA512

                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                            Download Submit