Overview

overview

1

Static

static

1

33cfc9ab31...8.html

windows7-x64

1

33cfc9ab31...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33cfc9ab31a78825cfcb20edd1771bf4_JaffaCakes118.html

  • Size

    58KB

  • MD5

    33cfc9ab31a78825cfcb20edd1771bf4

  • SHA1

    5908cd311344728600a936798d84f1ba8bac7c1a

  • SHA256

    628aa7a4b41b9e810337f11f782e1e6b9a708b80c4dc49291e41e6a92fa04302

  • SHA512

    7a954a753474c1da2dfc907be679e19e23fb3ba2e35a1803bba9241585cec96e8f68d829fccd701e3020abe68e23cef6a913499e2b3a03493335f69f221a21cf

  • SSDEEP

    768:ct3xsS3yiPSO9GLInfKcypSO1Y8HOoVl1/a7+GWEegcDI2SiS7wRK:NSCih9G8nfGp5BGWEegcDG

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\33cfc9ab31a78825cfcb20edd1771bf4_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4956
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6e4a46f8,0x7ffe6e4a4708,0x7ffe6e4a4718
      2⤵
        PID:856
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        2⤵
          PID:3312
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1460
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3020 /prefetch:8
          2⤵
            PID:5020
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
            2⤵
              PID:4740
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
              2⤵
                PID:5048
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
                2⤵
                  PID:4104
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                  2⤵
                    PID:4008
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
                    2⤵
                      PID:3116
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
                      2⤵
                        PID:3508
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
                        2⤵
                          PID:2964
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
                          2⤵
                            PID:1992
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5044
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
                            2⤵
                              PID:2608
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
                              2⤵
                                PID:2536
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
                                2⤵
                                  PID:344
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
                                  2⤵
                                    PID:3276
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15418851522434917736,4944908047217275697,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4016 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4212
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1484
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:1232

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0f22dcf5-d380-4fe2-9738-030093424d07.tmp
                                      Filesize

                                      11KB

                                      MD5

                                      fc21402416f6c0886087bfe12c4755e7

                                      SHA1

                                      bd56ce79693fabfb0d38a4d47137674a52d04203

                                      SHA256

                                      b9f7a205d2e01dace01bd8f55f6f18e2155616ca99e0bf33cef212b13dc16233

                                      SHA512

                                      090288f8924b10e420ffc1357f26695b70001521963dac48648204379625b99e888455fade1bbe401f931e149f921b7964246204c31eb0be609950254bc1503c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      6c86c838cf1dc704d2be375f04e1e6c6

                                      SHA1

                                      ad2911a13a3addc86cc46d4329b2b1621cbe7e35

                                      SHA256

                                      dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

                                      SHA512

                                      a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      27f3335bf37563e4537db3624ee378da

                                      SHA1

                                      57543abc3d97c2a2b251b446820894f4b0111aeb

                                      SHA256

                                      494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

                                      SHA512

                                      2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      408B

                                      MD5

                                      e1ed2eecd6fee8dd8248ff9cf491f69e

                                      SHA1

                                      67fa8290e7c3d8bebe28634fd4a10076757e126a

                                      SHA256

                                      33c1c8ee982372a87c7500e8331637b39817a182972d693b1dc566c5ef719002

                                      SHA512

                                      c401b2684df20a5a11f89da861735abe93f4107f7d9ebd66d4441bb6a423a391b08c2c2ef5a6c99c98263fa4a7ce407004571a7a6c972d4b80ad6e5ad93964a8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      432B

                                      MD5

                                      3875452c1264ece3bff0a5990568e3cb

                                      SHA1

                                      3fc8aea9aeab69af2b31b5dde45befb230e21e05

                                      SHA256

                                      d40b0f103881e11fe63f8e8684cf426fdc4e092ba4a01073af7e01c9bf276f3c

                                      SHA512

                                      45f5accb489898486d80fdb67d217fb95785f80972b921eb72b7e91ae312ed1357f52850a1e174f83cd20ff9d9250625c0b2a41cfd56c175f56758d232a685aa

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      7f9ed920c5dbf1fec46241cc50d3d6ca

                                      SHA1

                                      b2fe54e4f3d83ab12d2e2df349cabf66b180aa53

                                      SHA256

                                      57536c1db96094fe8ff99b89d49a7127e5a73368f58db703661a4d6ea959cea4

                                      SHA512

                                      bc39f23637fcb1fb6556b6632662853f6745f5c537528e01d6bea2ab1e0906ba9263e3230bd71162e03f066e859cf3d8174560f89667cad4ff9aaba8826b9989

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      8544791427abb3de5a43b413bcb4425a

                                      SHA1

                                      ca843031735fce9a30330923cce48ddfe364f1c3

                                      SHA256

                                      400def30fcd91fa3f8508923fffe290d0c87d5af3afcccb7909d34a6460acb30

                                      SHA512

                                      a12dafcd8796013fa69c90053861aafdd95a4732a2f123c25ef511e286683d132d6bec91a3d39ae516e06116d37cdb05fc5fe9908486e00ba7607704c52644ba

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      c79db6b8c4261d914da2d3361b623432

                                      SHA1

                                      52fa6b3cb2efe440998515a578564ae5739ae71b

                                      SHA256

                                      3da7f5af638a6982a8807e8e6571604c8e718c0b4f648070b9e3bfcfac1a72bc

                                      SHA512

                                      fb31182f3f534b18704636503dee40edc909fc42878832709a468bbbfa5050d68cafc17d80e08a22ea3503b7fbc501d9e335f0a4598b5c9ca4bf11a70dd9dad3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      280b1c1a44e45428455fbbe089f05610

                                      SHA1

                                      8486e063fe2960349127cf8d2242ee87592ce168

                                      SHA256

                                      35007f4eb1e613f23980f6a63f3a139ecabe01112d631eee587bfeeb58028ec7

                                      SHA512

                                      cddd1314d10105966f7ae2e88b1bbbfae3b3db5cfd2e8d7f34b1e1b6f985759b17bdaeba827bc168bd320f750a337c23d1f31b1c64254aa4f145d276f35f43d7

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit