Overview

overview

6

Static

static

1

d62dcadd49...8.html

windows7-x64

6

d62dcadd49...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/09/2024, 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d62dcadd49a17faf53dfaf4863f1672f_JaffaCakes118.html

  • Size

    93KB

  • MD5

    d62dcadd49a17faf53dfaf4863f1672f

  • SHA1

    88773ed5933e8f9ae51fb8d0d0d9e6f2b98ca853

  • SHA256

    15d8c09c4d9b7cf2c59909275e34eeb41dc0308d5467b02c70ac91fd2bb45dfb

  • SHA512

    bda79202cc7bd76f1d5aa43a2e7acd2370f5f990d3da31966c0192715e93937112ddaa049f56baabb02cb278cfaab61d2d1bc3b1b5a1ed04a62bd0e876ad4532

  • SSDEEP

    1536:UPHmyz+kYB5EdV+qUrpWMoQIxMWTxse8dAj+N5fy8RA:QhzzvpAFUXz

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d62dcadd49a17faf53dfaf4863f1672f_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4712
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd183e46f8,0x7ffd183e4708,0x7ffd183e4718
      2⤵
        PID:4224
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,5914719747904476306,11690682854422246661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
        2⤵
          PID:3488
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,5914719747904476306,11690682854422246661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1996
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,5914719747904476306,11690682854422246661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
          2⤵
            PID:1872
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5914719747904476306,11690682854422246661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
            2⤵
              PID:5060
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5914719747904476306,11690682854422246661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
              2⤵
                PID:3152
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,5914719747904476306,11690682854422246661,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7900 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:5200
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:2960
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:3596

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  ff63763eedb406987ced076e36ec9acf

                  SHA1

                  16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

                  SHA256

                  8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

                  SHA512

                  ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  2783c40400a8912a79cfd383da731086

                  SHA1

                  001a131fe399c30973089e18358818090ca81789

                  SHA256

                  331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

                  SHA512

                  b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                  Filesize

                  34KB

                  MD5

                  5e76ca995645a2b531db6fc3f11c97f7

                  SHA1

                  775822d9aa57536ada71d3922cdc69789373b3d0

                  SHA256

                  f223165da6014b7c0edcf73c32d84932855a0b437abf0f7ccb92baf47c9c0583

                  SHA512

                  cbc2a52252735d097d007517ddc7182ab6a2b1d25ad3fae7c378753c431e33b341b503356b4d9313f88f0ad7939eb16c377b99bf6c8d7bb1022de91c41950938

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                  Filesize

                  83KB

                  MD5

                  6b57837eeee73fcc5a6739492d20bd70

                  SHA1

                  54f696b0d6e6e92c5e588dae30d93886c040568e

                  SHA256

                  e247a964abd7d4e0b5b3d990ccccb483ba81b9b81529ccaefb7af30b8f192ac5

                  SHA512

                  ecffa90d9f7393f14b87c0064a3341da4ef49099f8a2d96a8c5ce4a93b855cfc2ae910ab75cddc8d7ebb67b818727b248eaf2acf45ed39ce8e5e0baeea33d9a6

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                  Filesize

                  479B

                  MD5

                  6e2835008dd62d0fcb5e225d61df7ac0

                  SHA1

                  5d584d1663b848419be6ef803ae8ae2a7f40dbee

                  SHA256

                  32494c653f85691b1694a0407a0f95ce95d6a18082c774394d07e71c0e8001a1

                  SHA512

                  2943883abfa3e290e06c3c8529074f7983266d497d2a1a1d765794da538381f0d07fd332dcf3531a2f650886082c061975d7edab9330ed023621bff2fe2b8793

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                  Filesize

                  111B

                  MD5

                  285252a2f6327d41eab203dc2f402c67

                  SHA1

                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                  SHA256

                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                  SHA512

                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  29ec6de03ec5e9c2ef3d8c274ccb51eb

                  SHA1

                  149c0f8acba545f900cd03d9052db8b9c4ee01ec

                  SHA256

                  88f87d6890a709b8959ee296710e0e1577b120355bc67edb6a3b646b6db4d4a9

                  SHA512

                  509a7df6aafbdfafd433e8fe0bd158b28450a3c46074bb23d306442e15594d07c1a5d7d78ddf209a13e3def9fcf6699951c4220f2c820a32becb5321db9fe72e

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  d0cdfe3bf229fdb851b63e2e98c589a2

                  SHA1

                  ab878dd7e5c5884d0441ae16b6e4646ddcdeaae3

                  SHA256

                  640e67f1265e0e4e96e4e6e8bce63c5116da675fc23079f7498fa2f2032f6214

                  SHA512

                  20cef637f6ab1f83fc0ae37f6f2a8a490811dface74a8eede99a38d54e28ba8da1059900fff3ad647fa6f17c515593a61177773ac2a4f8edd2047c0911905180

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  10KB

                  MD5

                  ec4e3fdce8f9a9c27d10f94dd68be494

                  SHA1

                  b9cc4bb88e65b9e9a2087e5581b5284c33751944

                  SHA256

                  bc999eb1f5498e15ff52eeb88ecc03f64f2181a1b23764a2ad7df335ce580879

                  SHA512

                  0f7dc6373ef9081c6403579bbb31e15538d32a39b2956534226899f3b141b66da7cd9fcd35501d9a2a6e3ba130c2be12c2166df2916168096a8f5098459f4507

                  Download Submit