Overview

overview

1

Static

static

1

67f2497210...8.html

windows7-x64

1

67f2497210...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 14:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67f24972105d0fbd69b03a3ed5f3abca_JaffaCakes118.html

  • Size

    95KB

  • MD5

    67f24972105d0fbd69b03a3ed5f3abca

  • SHA1

    57596f504728622e9dfb1d2fbdd2d5ebfee2eed4

  • SHA256

    561646ef30a5be56c380a11af11cfd13ae0669c8e2a78fc519603dc9a2a00e92

  • SHA512

    0a128c109184c40f9a3e974b59572543085097f4aa6a1d9c9220216d783d9b963e79f5c59e7a73ebc1792b1c6a0c3c3a7a9d9285b1427356915b9a34014810f3

  • SSDEEP

    1536:hpv/+I8GSt+y+3h+v+cIxIqs+b9+z+7MWnFyHfodCh+FNc5B7R:T2nt+y+R+v+e+5+z+wWFyHfodCh+FNc5

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\67f24972105d0fbd69b03a3ed5f3abca_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa123d46f8,0x7ffa123d4708,0x7ffa123d4718
      2⤵
        PID:1004
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:2684
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2708
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
          2⤵
            PID:4364
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
            2⤵
              PID:320
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
              2⤵
                PID:2240
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                2⤵
                  PID:3424
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
                  2⤵
                    PID:4876
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                    2⤵
                      PID:3096
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
                      2⤵
                        PID:4492
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
                        2⤵
                          PID:2060
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7020 /prefetch:8
                          2⤵
                            PID:3604
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7020 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2964
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
                            2⤵
                              PID:3640
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
                              2⤵
                                PID:216
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
                                2⤵
                                  PID:3016
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
                                  2⤵
                                    PID:3604
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4084062764769205251,2279144009683684300,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4488
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4228
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2756

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      1f9d180c0bcf71b48e7bc8302f85c28f

                                      SHA1

                                      ade94a8e51c446383dc0a45edf5aad5fa20edf3c

                                      SHA256

                                      a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

                                      SHA512

                                      282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      60ead4145eb78b972baf6c6270ae6d72

                                      SHA1

                                      e71f4507bea5b518d9ee9fb2d523c5a11adea842

                                      SHA256

                                      b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

                                      SHA512

                                      8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                      Filesize

                                      23KB

                                      MD5

                                      fb1a4e8823f0d297688e8017ae5e3412

                                      SHA1

                                      4a861e1c3766f2792458201f7c9669ead8a9719e

                                      SHA256

                                      cdaad26282ea779773f9e585863d1d72e95b88f614b3da1cca834494dc34149e

                                      SHA512

                                      21738183bcd615c670784da1d0c1083ca28691aee710819cecc177c89ae3c0e23b378e36bbaa9f4f83d947335d17e640d7049e4e84ce72d637062a69e5fa5101

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      120B

                                      MD5

                                      a4ab74c5fbe0b7a44c7704295be99314

                                      SHA1

                                      b68fc2ebfb960adbd3498a7e1df751e8afb6f762

                                      SHA256

                                      1179008cff3acdc3fcb0ce695c64b889544137c1a7bbfe10821089591ec900c7

                                      SHA512

                                      3f1967119d1e73b4b1d685bedb3f2a66c745416563b5107c043b883a416fdd3534355d834a1dc85dde32fc557ff05c1e6caa938cb736f51241529d5e01b1706b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      144B

                                      MD5

                                      775c0bb8af132fd0bafad6ed592f4787

                                      SHA1

                                      205c89e27ee8a0d89d0e61a60bc353928bda1318

                                      SHA256

                                      f08bcc5ef6a83db7b1db988f88235a1758be67b2506603867761f8692dd1028f

                                      SHA512

                                      c6751964d2aff4181b00c8bb9cab8a769d67fcd63ace6e309a8ab4533f307cb9c654795a4eff011c7b535b5bd848940d002b964ed0c03dbb3749f59b194f17e9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      90f4b92eaddefdae3e92dc3af52775f0

                                      SHA1

                                      cd2f0bb618b173822310e52154c9f0d2ab00f09d

                                      SHA256

                                      e908e0b28586278799fdaa9e09895f83cf63bcd44315ca16834a700ba5365e8b

                                      SHA512

                                      93c7e5a9b255f55c2fa104e5c2e987ce9db24f859a706b2743210cf62c9645c02c121f9249b23b9af75187521fcb5dc8c8082f6638eaf5ff3921f1ad96dfa722

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      0e85bf2e783ee0ed16805d5fafa3bc7e

                                      SHA1

                                      3bf7d7dbe6f8b319d7f9efc4a7224b95721bb0f4

                                      SHA256

                                      4ef833677d53588f85a411e154e42873982708f8f4bf97e7e43ef5c0c7a84fe9

                                      SHA512

                                      c7008e2174d5b92a36a805265ef356ecfb5bcc096ea58c81c13da8a3f6e0c800f1a82bf7e22af93afc86f4723b7279650af061176fee3c1ee6f49a1d05226561

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      8KB

                                      MD5

                                      4406795eb9358a5f4c170cd44b376036

                                      SHA1

                                      57155f70944d8c112cabcbf927e55366fe1a1442

                                      SHA256

                                      04c678cb7ea2254b3895ab9f9b5289a6d677d9b69eb42a96530d449f9ebcdec9

                                      SHA512

                                      c453f1e73d807e08cee652ae0b1d1af41f3de46048f9bcc1eeb5d29dcd5c5285e34d7ccf8f7fdb9554d69c9237674aa746b79885460d1f2ee5878a87f0145741

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      370B

                                      MD5

                                      eadaeefaa6865cb3b4870b072679b092

                                      SHA1

                                      e11151241d6cdba2ddb2817bde929fdd76fe06db

                                      SHA256

                                      51133d26112d492d282e102faf3286f5ca3d237daceeaa5e3a478ea23b9452c1

                                      SHA512

                                      9e467c31530bb55e77d79122b1c8e69208d67a80ef60b081a6b8c1cf3d9d8a930639a87efc1d6cc4cbfac3bf831320a38b651f0f784842e808346674b95ce794

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a7b.TMP
                                      Filesize

                                      370B

                                      MD5

                                      882d25f930f4bad6617cd872b0381750

                                      SHA1

                                      3221b35045c3921e6c5fcb2ec5c54734f23c5816

                                      SHA256

                                      6d49bccdd4a381a9ed26b4d156d8bf2ecf07d0a209a765ea734c7533d89ca726

                                      SHA512

                                      d2400a31aab0e689d0776f9bb175e749b68a3a5da3c83a3a5dbe4c7eaf581a5264ef1447b19cdfe5bbe69982a5371aa77902ab865694b467756d53516d2adc2a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bb93ac9d-cd00-4e6e-91bc-db0926f720f2.tmp
                                      Filesize

                                      5KB

                                      MD5

                                      62f55f0b6b6d0f1ae588f22146a0f8d6

                                      SHA1

                                      8602a950bd233493b62515a3e87df1533987f867

                                      SHA256

                                      db320fc282cabd3cbdcf7a7b7bf60f33f95ea1810f2f84901983fc9895e07db9

                                      SHA512

                                      1fdb8d3b15e2c0a19dd2a743c9a3035c2f3e1fc90e162695b56562f5a59da6c9b2001b3c811047125fdebd39fa83b96d154393484f12ee3db8760ea4ebbb54b4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      1c64ec0dff85cb1b42ea5d4e6ac291c2

                                      SHA1

                                      8ba07ec2b44dab8ed9787e0ac8573acda66a521d

                                      SHA256

                                      e09b3d19584947a472d17746e498d829bf01b593f4c6aa782391e6a0c67f198b

                                      SHA512

                                      87ade7b99da71cd0051e0a68c3e615917c965c8ef364c149c3300e58b59176db0b576ea3d91507d264a60b81624cfa2d9d76ccd94082a020dc99da3f962ec184

                                      Download Submit