Overview

overview

1

Static

static

1

8d1eea926e...8.html

windows7-x64

1

8d1eea926e...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-06-2024 06:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d1eea926ed142561c64ac8462910326_JaffaCakes118.html

  • Size

    42KB

  • MD5

    8d1eea926ed142561c64ac8462910326

  • SHA1

    9bb18c8e1fbbef02c2106d7d8f7af4af7c131487

  • SHA256

    cd32a203c5bb8119016de79504e67c60cd606c2d09d704f2044351385870c278

  • SHA512

    5f3f30891a4a589b03ec7f55c7e5e85cebcc74eb7078104c4eda9375c5594a52ed90fe3a2fb6a46ee56d959be06323397955d3712c8a559da08655f2f2101706

  • SSDEEP

    768:gZoLolSeoh5w0rzWro74LS7xwhJH1uo6qVgniR2S9e0b:gZokseu3rei4WO56qVgniBb

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d1eea926ed142561c64ac8462910326_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce9946f8,0x7ffcce994708,0x7ffcce994718
      2⤵
        PID:5032
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:3964
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2604
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
          2⤵
            PID:4596
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:3628
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:2744
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
                2⤵
                  PID:2808
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
                  2⤵
                    PID:3436
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
                    2⤵
                      PID:2396
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
                      2⤵
                        PID:3872
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
                        2⤵
                          PID:3428
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 /prefetch:8
                          2⤵
                            PID:5080
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2720
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
                            2⤵
                              PID:2128
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
                              2⤵
                                PID:1912
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
                                2⤵
                                  PID:3236
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                                  2⤵
                                    PID:2984
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14114460991490061236,5227159143798678481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6740 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3760
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1008
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3316

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      4b4f91fa1b362ba5341ecb2836438dea

                                      SHA1

                                      9561f5aabed742404d455da735259a2c6781fa07

                                      SHA256

                                      d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

                                      SHA512

                                      fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      eaa3db555ab5bc0cb364826204aad3f0

                                      SHA1

                                      a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

                                      SHA256

                                      ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

                                      SHA512

                                      e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      216B

                                      MD5

                                      6005ca738d7e8c428e5b26d669ddd78f

                                      SHA1

                                      d658aac65c85a3e3604b39dfe30ad47d427c1b3b

                                      SHA256

                                      303b0d0a48cab10c88c1121f5239a752b5cba97f5ab4a1e2c7f94c5d21eedc32

                                      SHA512

                                      4c62e999cdaf12f716955f87f386fcdd406e7ae22979b3c9525359e20b511fd0df801e1881298f2ae434d21f3023cb7d02c545e1e319f048945a478e3090ab55

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      2KB

                                      MD5

                                      a64031844a6bcb1b44ec8b5eeaeb971f

                                      SHA1

                                      8454a608851b2d944e74c7cfffac1eafe37a7f7a

                                      SHA256

                                      57e0e4732ca6dcf1a2f093a75fbba2cea208a4d8029382f7868d52464b357f0a

                                      SHA512

                                      2f9c48cac02dc282c30f163945374c26fb8c063872cdc865776652364cdb5263ab97c096a429e175ccf3c654e157eb0dd42f704c52963ceff665a97c31c4ac80

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      2ce5fb256ef3f5a82c8aa90e6372c6a2

                                      SHA1

                                      74d5e0c794d31cbb27a8a8e7abe47a16c3d3787c

                                      SHA256

                                      6541449ce777760d4a3b12e3b1ee41940e8c49811158bf9a56df276e3afc7a9a

                                      SHA512

                                      bdd9b1ba4398f6b3df136a5795dbabd676928180d7d6f687339915287f0aaf2602a6c20ea234afb392c9ec1e55827ea3b95d4588aaa7f9f37e5ae76125d09d23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      2ac2bbf04797ea1d5a1a746ac3200434

                                      SHA1

                                      536f39be3d5b76d17eb97d7ee1b07a9cf02884f0

                                      SHA256

                                      25fff3a87c7def1df05f46c72ea1f6b226f4aa84c2366a02fb79de88ff27781e

                                      SHA512

                                      fadee8d1cef58ea6aaba4a5a60158ac26d1dba35c36cb298f5edc11c48ebb773becccbc97906a1783130de82fee4ef9ab05486ceb0f7a965c8481dfeec0a9a59

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      6f2c587d13b477572bf2b61d8e5186c8

                                      SHA1

                                      c382fadca6ab2b02d4ee7876daaef6548fcaaf22

                                      SHA256

                                      2cf39c653e7e310c8099e4faa0e66b96ffb228f8dd44aabd97ceee66093498bd

                                      SHA512

                                      9dfb3681ad9de364517d6fcf649b6adc0f827d274e71c551e81aa496425e3bf8f936eaa85310bdb804d21204c9c00682620effab328f14adafa7db42dc183863

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      1bb890a5088ea0605d41550ee259d79a

                                      SHA1

                                      68a3ab5ec89a22917f15bd95560c594eab6e6352

                                      SHA256

                                      4472b87a6ce3619efd201d0f86edec6c464062c8f6f632ff1877d294a2277aca

                                      SHA512

                                      983b865c926b202a6814bd98c43b035f3becba503be74668173b3c942d02b3bd5825554a81758c9385422b98ef0c4b0922556f681ec0f2d1f5d1bf5dbfe7bf8b

                                      Download Submit