Analysis

  • max time kernel
    145s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/06/2024, 16:05 UTC

General

  • Target

    af3df02a6b53d39c8cc993b5c75a017e_JaffaCakes118.html

  • Size

    159KB

  • MD5

    af3df02a6b53d39c8cc993b5c75a017e

  • SHA1

    e254a2590f1ded573dace4ca74cda5a6c6490272

  • SHA256

    fa02ab7171e56763c6f9caee20d083a2b4f00a2f3a276636757075e0ecb651ca

  • SHA512

    0e993ddc725f2eb74cce45bc50a2e2e15ca0377a92a1eec0c5c731d6ffc737b74540c576e4ff80a6a481a6892e0210fcbd1cdfed02d1fffefc63e8cc2931f170

  • SSDEEP

    1536:isRT6VWsBjS3DAyyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:iuSe3DAyyfkMY+BES09JXAnyrZalI+YQ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\af3df02a6b53d39c8cc993b5c75a017e_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff956ee46f8,0x7ff956ee4708,0x7ff956ee4718
      2⤵
      PID:4000
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
      2⤵
      PID:1396
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3984
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
      2⤵
      PID:1740
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      2⤵
      PID:4828
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      2⤵
      PID:2044
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
      2⤵
      PID:5024
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4836
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
      2⤵
      PID:1080
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
      2⤵
      PID:1828
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
      2⤵
      PID:3144
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
      2⤵
      PID:4672
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1687601923027664158,3908216492686930093,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4336 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:724
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2304
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3668

Network

  DNS requests (remote address 8.8.8.8:53 in every case):

  • 8.8.8.8.in-addr.arpa, IN PTR
  • 8.8.8.8.in-addr.arpa, IN PTR
  • 8.8.8.8.in-addr.arpa, IN PTR
  • 8.8.8.8.in-addr.arpa, IN PTR
  • 8.8.8.8.in-addr.arpa, IN PTR
  • www.lni7uu.top, IN A (msedge.exe)
  • www.lni7uu.top, IN A (msedge.exe)
  • www.lni7uu.top, IN A (msedge.exe)
  • www.lni7uu.top, IN A (msedge.exe)
  • www.lni7uu.top, IN A (msedge.exe)
  • www.lni7uu.top, IN A (msedge.exe)
  • www.lni7uu.top, IN A (msedge.exe)
  • www.lni7uu.top, IN A (msedge.exe)
  • www.lni7uu.top, IN A (msedge.exe)
  • www.lni7uu.top, IN A (msedge.exe)
  • news.share.baidu.com, IN A (msedge.exe)
  • news.share.baidu.com, IN A (msedge.exe)
  • news.share.baidu.com, IN A (msedge.exe)
  • news.share.baidu.com, IN A (msedge.exe)
  • news.share.baidu.com, IN A (msedge.exe)

  No results found

  Connections:

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    330 B
    5
    DNS Request: 8.8.8.8.in-addr.arpa
    DNS Request: 8.8.8.8.in-addr.arpa
    DNS Request: 8.8.8.8.in-addr.arpa
    DNS Request: 8.8.8.8.in-addr.arpa
    DNS Request: 8.8.8.8.in-addr.arpa
  • 8.8.8.8:53
    www.lni7uu.top
    dns
    msedge.exe
    300 B
    5
    DNS Request: www.lni7uu.top
    DNS Request: www.lni7uu.top
    DNS Request: www.lni7uu.top
    DNS Request: www.lni7uu.top
    DNS Request: www.lni7uu.top
  • 224.0.0.251:5353
    msedge.exe
    527 B
    8
  • 8.8.8.8:53
    www.lni7uu.top
    dns
    msedge.exe
    300 B
    5
    DNS Request: www.lni7uu.top
    DNS Request: www.lni7uu.top
    DNS Request: www.lni7uu.top
    DNS Request: www.lni7uu.top
    DNS Request: www.lni7uu.top
  • 8.8.8.8:53
    news.share.baidu.com
    dns
    msedge.exe
    330 B
    5
    DNS Request: news.share.baidu.com
    DNS Request: news.share.baidu.com
    DNS Request: news.share.baidu.com
    DNS Request: news.share.baidu.com
    DNS Request: news.share.baidu.com

                          MITRE ATT&CK Enterprise v15


                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            ce4c898f8fc7601e2fbc252fdadb5115

                            SHA1

                            01bf06badc5da353e539c7c07527d30dccc55a91

                            SHA256

                            bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                            SHA512

                            80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            4158365912175436289496136e7912c2

                            SHA1

                            813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                            SHA256

                            354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                            SHA512

                            74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                            MD5

                            56133547b4955c1e7e687952e12818cc

                            SHA1

                            0d27589c27d8628abd6116016b9c52214b9dd8ae

                            SHA256

                            46634dc19b620011674c95e21cc4d3d1e1f729cdffa9807152ba26c191c4a5e2

                            SHA512

                            a994cf773cb5ffdf5e090e9ca86ccce83f55d2b0a4ef47473a1b0aeecbb06f151a453bea25a0d143abae21974592ff16194865dd647a25feaf24bc9990b70625

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                            MD5

                            c1daeed08494e259a409192a2f081c0c

                            SHA1

                            b886fd884efc15866e6a70a9ef04a067afe638e0

                            SHA256

                            5655ef260d604e379173c03df0f57c9a8139b1e54292e7275057b98e1b49a03a

                            SHA512

                            c92a979f497c5f49a64317a7a9d08c78eb6e3679d398a697081dced6375079e3f27b6d1fa0443ffc2fe735826b570c2aec46a986b1f56c64a4c0eca0e4f9b98b

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            8KB

                            MD5

                            2ad8b5ff3b8b543cee9e4b1f44cd40e2

                            SHA1

                            0cf9ec600f33a0dd1eb70cf0793795d39cfcb0fb

                            SHA256

                            32aa19acaa8c526e5927fa766e1068874d4dafda70ada0ac74a608013fc83a91

                            SHA512

                            e5f3a66eb7deeaef009432e3074889ac7c27b9321c730f4b05b73469328501179c4136f94c8d4fd9de3b188d399d25a971661420ee13f9f3a19296baa83e6f80
