Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11/06/2024, 08:35 UTC
General
-
Target
9d925e8841a192e335eec66088beb46b_JaffaCakes118.html
-
Size
76KB
-
MD5
9d925e8841a192e335eec66088beb46b
-
SHA1
a3a74d9259ccf636f860d3106bbddaaaf37bde7a
-
SHA256
05d7e3d8c6a0adbbe3843229178745ce5877a8f7cfbe7fa0c957a7cbcbe9e68c
-
SHA512
725bd630b0f0473547c88cc1dc2a4f82d031a8b981b89a3577e0bc9d7dc7af71940854c12fabd63a90df17c098d52ba1e22fadbe47602c0cbcb8b29206f0a65a
-
SSDEEP
768:SNA/RaBgtYTSxGInh8yoyhyDrS3069NLIL7rTvIdg5uFyEPP4WsDa/UpMsX:SNAZM9j69NLIL7HgdUBpMsX
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9d925e8841a192e335eec66088beb46b_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4dd946f8,0x7ffd4dd94708,0x7ffd4dd947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,14888730223245699084,11970236115914237832,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5160 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
-
DNSinformpromo.comRemote address:8.8.8.8:53Requestinformpromo.comIN A -
DNSinformpromo.comRemote address:8.8.8.8:53Requestinformpromo.comIN A
-
DNSinformpromo.comRemote address:8.8.8.8:53Requestinformpromo.comIN A
-
DNSinformpromo.comRemote address:8.8.8.8:53Requestinformpromo.comIN A
-
DNSinformpromo.comRemote address:8.8.8.8:53Requestinformpromo.comIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.general-community.comRemote address:8.8.8.8:53Requeststatic.general-community.comIN A
-
DNSstatic.general-community.comRemote address:8.8.8.8:53Requeststatic.general-community.comIN A
-
DNSstatic.general-community.comRemote address:8.8.8.8:53Requeststatic.general-community.comIN A
-
DNSstatic.general-community.comRemote address:8.8.8.8:53Requeststatic.general-community.comIN A
-
DNSstatic.general-community.comRemote address:8.8.8.8:53Requeststatic.general-community.comIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSs7.addthis.comRemote address:8.8.8.8:53Requests7.addthis.comIN A
-
DNSs7.addthis.comRemote address:8.8.8.8:53Requests7.addthis.comIN A
-
DNSs7.addthis.comRemote address:8.8.8.8:53Requests7.addthis.comIN A
-
DNSs7.addthis.comRemote address:8.8.8.8:53Requests7.addthis.comIN A
-
DNSs7.addthis.comRemote address:8.8.8.8:53Requests7.addthis.comIN A
-
DNScookies.ambercrow.comRemote address:8.8.8.8:53Requestcookies.ambercrow.comIN A
-
DNScookies.ambercrow.comRemote address:8.8.8.8:53Requestcookies.ambercrow.comIN A
-
DNScookies.ambercrow.comRemote address:8.8.8.8:53Requestcookies.ambercrow.comIN A
-
DNScookies.ambercrow.comRemote address:8.8.8.8:53Requestcookies.ambercrow.comIN A
-
DNScookies.ambercrow.comRemote address:8.8.8.8:53Requestcookies.ambercrow.comIN A
-
DNSwww.bcloudhost.comRemote address:8.8.8.8:53Requestwww.bcloudhost.comIN A
-
DNSwww.bcloudhost.comRemote address:8.8.8.8:53Requestwww.bcloudhost.comIN A
-
DNSwww.bcloudhost.comRemote address:8.8.8.8:53Requestwww.bcloudhost.comIN A
-
DNSwww.bcloudhost.comRemote address:8.8.8.8:53Requestwww.bcloudhost.comIN A
-
DNSwww.bcloudhost.comRemote address:8.8.8.8:53Requestwww.bcloudhost.comIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
-
DNSstatic.generalfil.esRemote address:8.8.8.8:53Requeststatic.generalfil.esIN A
No results found
-
8.8.8.8:53informpromo.comdns
DNS Request
informpromo.com
DNS Request
informpromo.com
DNS Request
informpromo.com
DNS Request
informpromo.com
DNS Request
informpromo.com
-
8.8.8.8:53static.generalfil.esdns
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
-
8.8.8.8:53static.general-community.comdns
DNS Request
static.general-community.com
DNS Request
static.general-community.com
DNS Request
static.general-community.com
DNS Request
static.general-community.com
DNS Request
static.general-community.com
-
224.0.0.251:5353 -
8.8.8.8:53static.generalfil.esdns
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
-
8.8.8.8:53s7.addthis.comdns
DNS Request
s7.addthis.com
DNS Request
s7.addthis.com
DNS Request
s7.addthis.com
DNS Request
s7.addthis.com
DNS Request
s7.addthis.com
-
8.8.8.8:53cookies.ambercrow.comdns
DNS Request
cookies.ambercrow.com
DNS Request
cookies.ambercrow.com
DNS Request
cookies.ambercrow.com
DNS Request
cookies.ambercrow.com
DNS Request
cookies.ambercrow.com
-
8.8.8.8:53www.bcloudhost.comdns
DNS Request
www.bcloudhost.com
DNS Request
www.bcloudhost.com
DNS Request
www.bcloudhost.com
DNS Request
www.bcloudhost.com
DNS Request
www.bcloudhost.com
-
8.8.8.8:53static.generalfil.esdns
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
DNS Request
static.generalfil.es
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54b4f91fa1b362ba5341ecb2836438dea
SHA19561f5aabed742404d455da735259a2c6781fa07
SHA256d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
-
Filesize
152B
MD5eaa3db555ab5bc0cb364826204aad3f0
SHA1a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
-
Filesize
5KB
MD559db42ba459cb9c0c61260447e76dbff
SHA1a89ff8445533ec35a68a8398f7cb07a640fe88b7
SHA256e93eb928ef08caf6cb5b364002c564425a0b2ba80cb0d5f8a6cf6752ba470932
SHA512f500fb28c06de81f39a866baa138bb2f57bc746aa17eb84d9ca481ac66503c88faaa559ac419fcf7ffff9a36c6297855a940d0da280211ef7db7d376934774fb
-
Filesize
6KB
MD5d8e2b086a95d6cc2ece4080f7d51ab06
SHA1ad2986023d595ac1861c317b0b69125ab09b9418
SHA2564cbc39c7566b2849d01b1e2a7d74e16d85a21eeb5b92c54a674c27dceaa2be2a
SHA51284e3f9d99dce104daedc2162a1ad468cf0878f7317f9e23df9059b4ec29fb6fe0c4496ee0a31225dea66470b29003f3f4c15af4de1d3dbbe4e5208c152d29969
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
8KB
MD5638f10c7abb5bfa6a14febdf36a9c29e
SHA1301d85e47490e71215db3415f8fff15e8e8c925a
SHA2560f749ba6b79003ebb40f9bc08453f6eb32290df544f709bf5fcfd468ad03d057
SHA512247fc552a36c995ea67d401c61cd3f19a195fdb7f19e4c5be1a2eae13c1e2380ed1d6f593986d4bb9d45356715d00fd2364d4e74ff5028e7eb3f10ca6b6e7cd9