Overview

overview

1

Static

static

1

83bcfde5ce...8.html

windows7-x64

1

83bcfde5ce...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/05/2024, 09:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    83bcfde5ceb4c1969fc4e77163fdf074_JaffaCakes118.html

  • Size

    23KB

  • MD5

    83bcfde5ceb4c1969fc4e77163fdf074

  • SHA1

    e06f08fa66d90034595096d5a8931a3529b66350

  • SHA256

    4baf079b54f005681de0ea51a90c8d71a26d5d49258af84e058ce28f5ea6f466

  • SHA512

    e3346051da05c6727e1a88e3307ccbf787563f7ff26ee939151ed4ff60427ad66cac6c5d363bbd69cc5531153979f5afab32eab509d48c58d03c0bc06170e4a2

  • SSDEEP

    192:uwrAb5nO2nQjxn5Q/JnQieMNnWnQOkEntnrnQTbnxnQHGLnLnQtaqMBsqnYnQ7tk:XQ/GGnmSi

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\83bcfde5ceb4c1969fc4e77163fdf074_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff99546f8,0x7ffff9954708,0x7ffff9954718
      2⤵
        PID:4864
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
        2⤵
          PID:4832
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:60
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
          2⤵
            PID:1316
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
            2⤵
              PID:2780
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
              2⤵
                PID:1788
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
                2⤵
                  PID:2792
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2516
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
                  2⤵
                    PID:3904
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
                    2⤵
                      PID:1112
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
                      2⤵
                        PID:4840
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
                        2⤵
                          PID:1280
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4420 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3672
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4420
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1244

                          Network

                          • flag-us
                            DNS
                            cdd.net.ua
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            cdd.net.ua
                            IN A
                            Response
                            cdd.net.ua
                            IN A
                            89.184.88.6
                          • flag-us
                            DNS
                            154.239.44.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            154.239.44.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            74.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            74.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            172.210.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.210.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            196.249.167.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            196.249.167.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            28.118.140.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            28.118.140.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            86.23.85.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            86.23.85.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            171.39.242.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            171.39.242.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            98.251.17.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            98.251.17.2.in-addr.arpa
                            IN PTR
                            Response
                            98.251.17.2.in-addr.arpa
                            IN PTR
                            a2-17-251-98deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            43.229.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            43.229.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 89.184.88.6:80
                            cdd.net.ua
                            msedge.exe
                            260 B
                             5
                          • 8.8.8.8:53
                            cdd.net.ua
                            dns
                            msedge.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            cdd.net.ua

                            DNS Response

                            89.184.88.6

                          • 8.8.8.8:53
                            154.239.44.20.in-addr.arpa
                            dns
                            72 B
                             158 B
                             1
                            1

                            DNS Request

                            154.239.44.20.in-addr.arpa

                          • 8.8.8.8:53
                            74.32.126.40.in-addr.arpa
                            dns
                            71 B
                             157 B
                             1
                            1

                            DNS Request

                            74.32.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                             144 B
                             1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 8.8.8.8:53
                            172.210.232.199.in-addr.arpa
                            dns
                            74 B
                             128 B
                             1
                            1

                            DNS Request

                            172.210.232.199.in-addr.arpa

                          • 8.8.8.8:53
                            196.249.167.52.in-addr.arpa
                            dns
                            73 B
                             147 B
                             1
                            1

                            DNS Request

                            196.249.167.52.in-addr.arpa

                          • 224.0.0.251:5353
                            msedge.exe
                            458 B
                             7
                          • 8.8.8.8:53
                            28.118.140.52.in-addr.arpa
                            dns
                            72 B
                             158 B
                             1
                            1

                            DNS Request

                            28.118.140.52.in-addr.arpa

                          • 8.8.8.8:53
                            86.23.85.13.in-addr.arpa
                            dns
                            70 B
                             144 B
                             1
                            1

                            DNS Request

                            86.23.85.13.in-addr.arpa

                          • 8.8.8.8:53
                            171.39.242.20.in-addr.arpa
                            dns
                            72 B
                             158 B
                             1
                            1

                            DNS Request

                            171.39.242.20.in-addr.arpa

                          • 8.8.8.8:53
                            98.251.17.2.in-addr.arpa
                            dns
                            70 B
                             133 B
                             1
                            1

                            DNS Request

                            98.251.17.2.in-addr.arpa

                          • 8.8.8.8:53
                            43.229.111.52.in-addr.arpa
                            dns
                            72 B
                             158 B
                             1
                            1

                            DNS Request

                            43.229.111.52.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            56641592f6e69f5f5fb06f2319384490

                            SHA1

                            6a86be42e2c6d26b7830ad9f4e2627995fd91069

                            SHA256

                            02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

                            SHA512

                            c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            612a6c4247ef652299b376221c984213

                            SHA1

                            d306f3b16bde39708aa862aee372345feb559750

                            SHA256

                            9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

                            SHA512

                            34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\78fa161f-fbd5-4d98-a474-673840b9bcce.tmp
                            Filesize

                            6KB

                            MD5

                            7c98feb07fe99f13e05d186c13b925b6

                            SHA1

                            c0500b673112e72893e53f2660ae39cbddf4def8

                            SHA256

                            e2179c6c0f28de20801b89d068249557d6c5fe19f56df42c45fbeec30451a5a3

                            SHA512

                            8392f769f3ca59f69b542ad7fb466673da3b9dfeceb6d6de5d85eb656de1ca8ee0468b6d7fd7de328121d54cc60f5d26b4dcaac2126e19df5c7f6eca70ea8cfe

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            b15f05dda0165b4d1e34a15168f78d54

                            SHA1

                            bb2612535789c1c781bdf7feae84a42a84ff66a0

                            SHA256

                            9aa1019b12c7a3d5796fbf094e746eca972538b5a9fc4edb2bcef54b722594c9

                            SHA512

                            d32c09309ca9ee599436b0dddc4528658e2ece9513d3e1169321887783f8e7067c0c8f95bde510525f76d0bf7ff98689a28c81205bde9ca5672601541d39058c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            ce528f279a7a9a5ff1d0ae8d770f3cf2

                            SHA1

                            894e20bda3506841e3db552b1db30f3f4056397d

                            SHA256

                            f7e7264d0f6fa0bdf8a397aa2926b22f8cf2355e86ae613b372de67cdaa00af7

                            SHA512

                            b380eea6958782e92366838b6c4ca0062830acc9e1d274ac016ef1d4f6694d0117700593f0c9aa86449babfd75514150a9d510dea8d77c40d6de98399ebd25c0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            a9e7e88f5672cf841720f425670c7b95

                            SHA1

                            b7aab8e81382f771929c875d561295a5fbb6b062

                            SHA256

                            b50099b50ee6abd6ded25d2b6cc6775e5c6655bca77426eeebb73eb1475a84d4

                            SHA512

                            60339cb26ca651694e1c98576b81bfd4dfd6a2e06fc9f87dd8534e12bcc8556784f216d989d669df4e980514e7c532c41935cbd96bc16f4f82b8fd9e868dcb74

                            Download Submit

                          We care about your privacy.

                          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.