Overview

overview

1

Static

static

1

b4b71dde71...8.html

windows7-x64

1

b4b71dde71...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2024, 19:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b4b71dde7111ff8a473e386ef9a4809a_JaffaCakes118.html

  • Size

    67KB

  • MD5

    b4b71dde7111ff8a473e386ef9a4809a

  • SHA1

    068f208cecd4b4015f08eb418b91e2f3742a592a

  • SHA256

    391bf63cfb694b1d261b14b679f219d994c89ba63d7da89385121cd7e3d94f23

  • SHA512

    9448524bd2bf6bb45f4f05c6067da7e3aff4e319b740298464ff5e97d7ecaffba6318ab2e426d87b467dfe9d6e57de98e991bb1ebe20c151f0f4fa1ed8e33581

  • SSDEEP

    768:JijgcMiR3sI2PDDnX0g6rTYzrmkmOULOmOhc2ZoTyv1wCZkofyMdtbBnfBgN8/lQ:JdMai17WcNTcNeD0tbrga94hcuNnQC

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b4b71dde7111ff8a473e386ef9a4809a_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4528
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcf1b46f8,0x7ffbcf1b4708,0x7ffbcf1b4718
      2⤵
        PID:4748
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4872986296751052674,11890340135898045431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
        2⤵
          PID:2940
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4872986296751052674,11890340135898045431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4036
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4872986296751052674,11890340135898045431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
          2⤵
            PID:4372
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4872986296751052674,11890340135898045431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
            2⤵
              PID:4772
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4872986296751052674,11890340135898045431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
              2⤵
                PID:4488
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4872986296751052674,11890340135898045431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4476 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4512
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:4924
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4396

                Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        477462b6ad8eaaf8d38f5e3a4daf17b0

                        SHA1

                        86174e670c44767c08a39cc2a53c09c318326201

                        SHA256

                        e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

                        SHA512

                        a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        b704c9ca0493bd4548ac9c69dc4a4f27

                        SHA1

                        a3e5e54e630dabe55ca18a798d9f5681e0620ba7

                        SHA256

                        2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

                        SHA512

                        69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        6KB

                        MD5

                        3c5e0b390a0cf28d5fe3f35a916b8943

                        SHA1

                        c341cb670f98db026c81c619e7ffbcdd640c6c37

                        SHA256

                        23994c246577c1c8d5c8c9ba863792fd3195ff7c1ed38725935146f5702c823d

                        SHA512

                        43d68688f6ad314e141a71ff66707715981328b2e27fa4e67b3b048512b2450fb506d2617e58f3b00749972a97d45b992c035db465ee27eb44e4790159e5bc5d

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                        Filesize

                        8KB

                        MD5

                        380edc0a5833edba343f5f3f0c934d6a

                        SHA1

                        d069f9817b4c423e578be09f3e6b31e141328a9d

                        SHA256

                        d0c22b148facd75f83226117ad5d2fd734dda00ecdd5f77be25f78fced73b97f

                        SHA512

                        337fef59f5836406981c654f49829ce0809bd80954fb95137a0192e2092c9b9030990053ddcdb29e706a5997b42d7012a3a5f636d3d8fe39dfb3b331db95e83e

                        Download Submit