Overview

overview

1

Static

static

1

85f86317f8...8.html

windows7-x64

1

85f86317f8...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2024 04:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85f86317f8de163a3275455ca03530fa_JaffaCakes118.html

  • Size

    214KB

  • MD5

    85f86317f8de163a3275455ca03530fa

  • SHA1

    aba7549e72594489f78015cb59eb39d85384282b

  • SHA256

    e87270fcc1014d720524e6de3e42139c50adb43a8adab16571f4fa95b849570d

  • SHA512

    185e5da250df2c3a7de024da8723304f920596230bbeda63fbf9df7bda982f9e58faa19bc542b26328d0aa8eb767552ad9b994031cf72d92f26450db426dbac8

  • SSDEEP

    3072:2rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJYL:uz9VxLY7iAVLTBQJlY

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85f86317f8de163a3275455ca03530fa_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8699846f8,0x7ff869984708,0x7ff869984718
      2⤵
        PID:3084
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,547409402972091601,11621102662723582597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:1564
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,547409402972091601,11621102662723582597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2556
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,547409402972091601,11621102662723582597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
          2⤵
            PID:4708
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,547409402972091601,11621102662723582597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
            2⤵
              PID:3768
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,547409402972091601,11621102662723582597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
              2⤵
                PID:1876
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,547409402972091601,11621102662723582597,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4268
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:2832
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:1928

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  4f7152bc5a1a715ef481e37d1c791959

                  SHA1

                  c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

                  SHA256

                  704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

                  SHA512

                  2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  ea98e583ad99df195d29aa066204ab56

                  SHA1

                  f89398664af0179641aa0138b337097b617cb2db

                  SHA256

                  a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

                  SHA512

                  e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  399dd7af3ebf03646e558ac8f7e708da

                  SHA1

                  2dc58c487d6e45ac88403f9ab207837971e6e3fa

                  SHA256

                  5d517dd1f2c38aa4ea6810331e29463c6158f24ee66d6958c480794d5ae98b09

                  SHA512

                  8b9ab1d33fbaf64f134dafdf0135e0d134092ffacfa75dcdcd893e1714056666ce0a600c4e76ae761257c6e336f05e8cad845d2df93c9094b285c7e163251795

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  164c13c5c2eecf08b4fd3cb0f9110df1

                  SHA1

                  c0e24ffcdcffe60146b0ff3ab3e2153f64955bd1

                  SHA256

                  727609693c995687a34b53ef228ed4eb7ea707ffc1b0910abc25a5d605a892d3

                  SHA512

                  6b747093de98adf7ae553c6c895e1faa0d978dd414aa376b187610d0295594f0a26b9364f83c99f11a63129703f6c3920362116a920aaea3b9fcd064ae56f7fc

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  28f80c95ff8dd51fcaf87e6e7bc98f0c

                  SHA1

                  4ad64dc506b86fa87b89824f296dc5ad08b91a27

                  SHA256

                  0a7384c1f03d8d5abd974056551ec9a6d522981eb766f17b80b51d0c4338a436

                  SHA512

                  ea9a0e6f144ad56fced81567b972f6382ba8e41da2cdf30ba56e695dee90bd41eeba0e67b0b4e7a9be5c27ea4eca8048393376b8bd6de7bc6dbab74729c92eb9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  10KB

                  MD5

                  2597905b4fb6095e39390882f7a20637

                  SHA1

                  c48a16b78fea9f8e6a73c07048760adb69645ddd

                  SHA256

                  4e0bf4baa861fabfd9846491a96556ebad32916441d59ff9a45be5a521d163fa

                  SHA512

                  c285cf49ad3d071fd704cb81e8b089e07d3f4c2a5488eb105926b719bddd161c1e13efa3f65220fea8e411d3f61dd6464db1a2ea0e8ca170711ca714ab2bef4b

                  Download Submit