Overview

overview

1

Static

static

1

691db80592...8.html

windows7-x64

1

691db80592...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 00:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    691db80592b4a14f80d207ea86763b26_JaffaCakes118.html

  • Size

    31KB

  • MD5

    691db80592b4a14f80d207ea86763b26

  • SHA1

    4a4e592ebf1891b449c75f0ab7d2df5adadc203e

  • SHA256

    330ed0a9bcd20cad967501ab5e15a034a5c15f3457f48c7c920c4eeb1894dcbd

  • SHA512

    2372eb9397f24c4e4975048a2efd87b799742d651683bdb398dac12a0d117e44ee2071643fb79465ed659567895599ddbab5bbc07242a19c331a1df5004d9a51

  • SSDEEP

    384:2DYT3cteubcq7Lb60kYQuIfe4zZBB9KSVN6IWKKX:8YT3cteiFL+0kYQffJzPBVNKX

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\691db80592b4a14f80d207ea86763b26_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:240
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb263f46f8,0x7ffb263f4708,0x7ffb263f4718
      2⤵
        PID:4872
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        2⤵
          PID:2192
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4176
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
          2⤵
            PID:2104
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
            2⤵
              PID:1680
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
              2⤵
                PID:2464
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
                2⤵
                  PID:652
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                  2⤵
                    PID:4204
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                    2⤵
                      PID:3128
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4896 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4664
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5068 /prefetch:8
                      2⤵
                        PID:2828
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5084 /prefetch:8
                        2⤵
                        • Modifies registry class
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3036
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
                        2⤵
                          PID:1676
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6872 /prefetch:8
                          2⤵
                            PID:4448
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6872 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3296
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
                            2⤵
                              PID:1684
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
                              2⤵
                                PID:4092
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
                                2⤵
                                  PID:1452
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
                                  2⤵
                                    PID:4440
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8984577354122291368,16296748501559639946,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5876 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2336
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1196
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3628

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
                                      Filesize

                                      1KB

                                      MD5

                                      285ec909c4ab0d2d57f5086b225799aa

                                      SHA1

                                      d89e3bd43d5d909b47a18977aa9d5ce36cee184c

                                      SHA256

                                      68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b

                                      SHA512

                                      4cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
                                      Filesize

                                      306B

                                      MD5

                                      4a744d7296683540f63efc03954b7395

                                      SHA1

                                      97f357db2c5c6431626dfaf17e863c6850de49b5

                                      SHA256

                                      c76ca9feeee1ff5460c1a6512070c531d0e8833a3ded4f50cc624f0e93a2d417

                                      SHA512

                                      43a91eded6bfbe0bfe8c79332866004123f575232ac59c465640e579299e29f2fc113f59ffbee2db2f72ed0e9bf925d414edf183d6e6e3fd87a00b70b6617847

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      f61fa5143fe872d1d8f1e9f8dc6544f9

                                      SHA1

                                      df44bab94d7388fb38c63085ec4db80cfc5eb009

                                      SHA256

                                      284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

                                      SHA512

                                      971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      87f7abeb82600e1e640b843ad50fe0a1

                                      SHA1

                                      045bbada3f23fc59941bf7d0210fb160cb78ae87

                                      SHA256

                                      b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

                                      SHA512

                                      ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
                                      Filesize

                                      22KB

                                      MD5

                                      5e74c6d871232d6fe5d88711ece1408b

                                      SHA1

                                      1a5d3ac31e833df4c091f14c94a2ecd1c6294875

                                      SHA256

                                      bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

                                      SHA512

                                      9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      144B

                                      MD5

                                      5ed00052d5989b7b8e44558b293a4eeb

                                      SHA1

                                      1705d9e13aaf439358ebfc1b2afb54f786e7fd16

                                      SHA256

                                      2e346c2df73eda527a25f6918eef958919029bfcd50b1584470e7c50c54e0e14

                                      SHA512

                                      ef2adcdd173ce93dc67d2ed5049a3ffff44f63343ddce1781a65bae0930d82a1caf8efcd13b63bedec948246938283242945e9c97ce73c880e4571fbb8c145b7

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      120B

                                      MD5

                                      e0b7692d05b65423e495ac57335b688b

                                      SHA1

                                      42f966a33e484008e174f5f9031422e617e60a63

                                      SHA256

                                      ff423c15fa4cd60a950ef187ff7f9d28223fe7cb2807242ee1a1c214cedf7733

                                      SHA512

                                      f480fd6994c841e99cbc0113a179e1773bb6a11d96d7b9ebd48a0a1add596594887afe4166bcb24ca1b996516aa84cf801ba7022e2cb1bbe5c0f7c0a545895e5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      de217971d77b0e776743d99bb3a7e60f

                                      SHA1

                                      5c8f874ecb74790c8e4032b4b377634a4500195f

                                      SHA256

                                      1dad39084cc4ebd6794ebea58065f9c691e29a77acd64f111ff4d3650def96f7

                                      SHA512

                                      24e2d664751fccb614db07633794dfb59d397635e34a1280b481779f7c26fdabe00637084b0ab6105a2c811316759d16e2cf773bd0799a798fa4918510924042

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      2886e618791ce5226ce49c8bc7a48fbe

                                      SHA1

                                      447afbf21101245f97d64ce74372c0f7e053d6fb

                                      SHA256

                                      afa87f487f113c9a27c382a8731ba613a065d8c6e52f0483c203197df747f744

                                      SHA512

                                      9abe0ee83bd37bed974594cfee98154cec8d53965d962331fe287e2c7735b3227b4a14ffcb65cb8c07e79f227d809face1c7c2a85522fbf8d3dd5c2965dca8dd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      d139a67ac29961fdb6614e505a49f682

                                      SHA1

                                      b85f63b85e1560ac57ad41637684117c323cc863

                                      SHA256

                                      96635e49d0cb6a500bedfe2b57ea7a845928a938c0a96308e28ec382b99d2084

                                      SHA512

                                      cc66655d1ab423c444c3dc1b4b408eafd6174d8c3ba33aa4b98f596e7b84b8e2e83bb4280e2c37ba895f2c165df4f0214c2e2cd0eb04549deb8d62626caedcdc

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      2d181909259f04c20d190ef1128192e8

                                      SHA1

                                      51c369290a9da2a65bae9b865458c88fa1cbe3a1

                                      SHA256

                                      93a19cf913b05d04a226db2e62324f5ca848448255edb4ebc178e6a52f521f84

                                      SHA512

                                      816b70b7d6c8e1bb6c59d20b64b1e777387b5ec043b80833f047c78bb326fc5bd414d1c6301a216283978ac7defd5fac7178d565906cf39c1550d8839e26eb74

                                      Download Submit

                                    • \??\pipe\LOCAL\crashpad_240_ISLINBLNZQXORYEM
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit