Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240611-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    15/06/2024, 20:48

General

  • Target

    b002a5a062b08bc343c52ad0c0e4a961_JaffaCakes118.html

  • Size

    18KB

  • MD5

    b002a5a062b08bc343c52ad0c0e4a961

  • SHA1

    d0d73629b25af767feefa351085a60c32ea6bb30

  • SHA256

    dff9a3502efcb1ce41e9deeadb2d162da88d1a34a3dcdfa30f6db5dffbb44da8

  • SHA512

    a83ebd6f7568c5b2bfdafd2fe47556ded16f63a5f43e5e2f82ac2fe9837d43aa2abc7c6edac5ed846e654340695e58f6c625f868d95d6f4285a09c085702c59a

  • SSDEEP

    192:SIM3t0I5fo9cKivXQWxZxdkVSoAIJ4TzUnjBhlP82qDB8:SIMd0I5nvHRsvlUxDB8

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b002a5a062b08bc343c52ad0c0e4a961_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe857546f8,0x7ffe85754708,0x7ffe85754718
      2⤵
      PID:3508
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6225163899968322287,13492229613836618280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      2⤵
      PID:3684
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6225163899968322287,13492229613836618280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4552
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6225163899968322287,13492229613836618280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
      2⤵
      PID:216
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6225163899968322287,13492229613836618280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
      2⤵
      PID:4864
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6225163899968322287,13492229613836618280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      2⤵
      PID:4032
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6225163899968322287,13492229613836618280,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4320
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2780
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4008

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

    Filesize

    152B

    MD5

    81e892ca5c5683efdf9135fe0f2adb15

    SHA1

    39159b30226d98a465ece1da28dc87088b20ecad

    SHA256

    830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

    SHA512

    c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

    Filesize

    152B

    MD5

    56067634f68231081c4bd5bdbfcc202f

    SHA1

    5582776da6ffc75bb0973840fc3d15598bc09eb1

    SHA256

    8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

    SHA512

    c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

    Filesize

    6KB

    MD5

    555c6eb385929ed2d3cecf2dd21d69a9

    SHA1

    887bf0b082242fa28f55dc064f3b8e7d207fc087

    SHA256

    1835d472bc709cfab449cb7f954f56b105fed5a28ff3cbb9b22a476fe73a8a00

    SHA512

    2801bb52ab7adc777877a98e9df637607334025b55650ddca8464cf25fb172f6ce7abbb3e3bdcf33b44db2a247e328089a0e8f9401682370061190c8b0194356

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

    Filesize

    6KB

    MD5

    97e44edb09fb1bf405b87d32c4202a33

    SHA1

    008e002008f5563de0a3ba8c634c92e199020e4b

    SHA256

    2062eb21b1ed0237e5c8837dbe207667e0e7c73ceb37cb1ac4455c0a88386f7c

    SHA512

    96eef4926632a333bb81cfc4bd6443753ecb561dfa9c3578c22faa6f07bbdf5ab7b8efa08e7727d7b8e0fd1deac83000e2b3fb1f46dd53cec904da6f298df0ff

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

    Filesize

    6KB

    MD5

    151758db801093dc37ddc3a7fda403ef

    SHA1

    a533a241f5180421daf9e80b175b8d443cb31f81

    SHA256

    6594f387e2769cb19993f679d465e83ad2b08b33a3160d212b7ef70d9ed4b89c

    SHA512

    5a7bcf30bbd2f3ab80e99b09b23c0a33ee6d8f39ae365ad69076b6a3b9c7ef692a645f61299ca3bc183b85a3ad5197e67f0ce0f50b89228299da81e540177c95

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

    Filesize

    11KB

    MD5

    ec771f18dd11df6b766cbc3a31598c1c

    SHA1

    8c42e241b4de2cfd4d3485bd47acc40340f0ca01

    SHA256

    e8e6b244da1104b7271b7a0b02baa042774d3575d8b4c51252f0765b26ed1623

    SHA512

    f16102b0d3fbd5472ef9874df4c7685c21c2448e47f70a99cc6baae232add544db082060e89d0aae328c0d4ca11a0eb7b63a41df585cf815ab32bf28c58c3c29