Overview

overview

3

Static

static

1

de9d360fba...8.html

windows7-x64

3

de9d360fba...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/09/2024, 17:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de9d360fbaa481c5e5156614dd447e56_JaffaCakes118.html

  • Size

    15KB

  • MD5

    de9d360fbaa481c5e5156614dd447e56

  • SHA1

    ff03df4ba33a667499f2fea642feb2ec53bbbdc2

  • SHA256

    74fca5049e35f823a617cf89e1495d1b0ace6cfa7189af99ac9c13095c316559

  • SHA512

    031c80b218e4b96f7b97c203961eca894b559cbeb9dfb15eb910c7da425bfedc454388a07c85f932bc1939a2d951835fa458cf2ba2c7ace8892b5c69aa32c05f

  • SSDEEP

    384:u4sRkvKbqWDCd5gPE5kWSo/0/ez/RYXOK/njRsx03g:mRRGWDCdyE9/02bm/njRw

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de9d360fbaa481c5e5156614dd447e56_JaffaCakes118.html
    1⤵
      PID:3688
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4892,i,1330210614411927383,9239043499051775691,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:1
      1⤵
        PID:4712
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3888,i,1330210614411927383,9239043499051775691,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:1
        1⤵
          PID:3492
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5456,i,1330210614411927383,9239043499051775691,262144 --variations-seed-version --mojo-platform-channel-handle=4452 /prefetch:8
          1⤵
            PID:3636
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5412,i,1330210614411927383,9239043499051775691,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8
            1⤵
              PID:4072
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5764,i,1330210614411927383,9239043499051775691,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:8
              1⤵
                PID:540
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                1⤵
                • Enumerates system info in registry
                • Modifies data under HKEY_USERS
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:412
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffcb387d198,0x7ffcb387d1a4,0x7ffcb387d1b0
                  2⤵
                    PID:3404
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2356,i,13318486417305368035,15502179883666429684,262144 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:2
                    2⤵
                      PID:556
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1940,i,13318486417305368035,15502179883666429684,262144 --variations-seed-version --mojo-platform-channel-handle=2388 /prefetch:3
                      2⤵
                        PID:1096
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=1944,i,13318486417305368035,15502179883666429684,262144 --variations-seed-version --mojo-platform-channel-handle=2520 /prefetch:8
                        2⤵
                          PID:2624
                        • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4544,i,13318486417305368035,15502179883666429684,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:8
                          2⤵
                            PID:3928
                          • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4544,i,13318486417305368035,15502179883666429684,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:8
                            2⤵
                              PID:2732
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4828,i,13318486417305368035,15502179883666429684,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:8
                              2⤵
                                PID:3132
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4836,i,13318486417305368035,15502179883666429684,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:8
                                2⤵
                                  PID:3728
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2868,i,13318486417305368035,15502179883666429684,262144 --variations-seed-version --mojo-platform-channel-handle=3092 /prefetch:8
                                  2⤵
                                    PID:2016
                                • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
                                  1⤵
                                    PID:1036

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                    Filesize

                                    40B

                                    MD5

                                    20d4b8fa017a12a108c87f540836e250

                                    SHA1

                                    1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                    SHA256

                                    6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                    SHA512

                                    507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    10KB

                                    MD5

                                    2e8ff552c6efed3b85493ea8c44639da

                                    SHA1

                                    afcca634fdf9e9c31c70d5dd7c9e632b4b6aa2f2

                                    SHA256

                                    6b0153f7986b2885f06eac3af0e8495b77937f3cbbc5b7153c3cc569500cb269

                                    SHA512

                                    71e848bb58db1e9e037b1400dcecfb5b1c9d052b392e243872b5d224bf3dcc6a607bcc7bfa5eeae349eaa48b101bff68c4a3cb7d8dfa8f192737465bd7c2a8c4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                    Filesize

                                    30KB

                                    MD5

                                    cd93e8f06aa13d40f01ee41091b8235f

                                    SHA1

                                    85734571d982526ca20b8c5a537ecbff6e9f7b56

                                    SHA256

                                    1d1a1aa3caf142160d893636ec19081e2ec1d8c06234c5c30f3b78fe9fbe9bea

                                    SHA512

                                    07241a24497bf88c6cda77d8591ddd24b3804059f26496c55aeb01af52a6cb9e02cae6b57152974f49fa5646f41c5c9d29878872e9b6aaa3323f5f5a8b687dcf

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    53KB

                                    MD5

                                    87dffd1c7109dbd21f5d7cdd40ca008d

                                    SHA1

                                    512fbc4bb2cb33f4118ae756a1507eec397c88be

                                    SHA256

                                    8af6dee701e4310ca30c4d0ebd825794bda1760f12b34889fb48a69970762ec5

                                    SHA512

                                    ae1dbb60cae0e9e3fa667876134556f8ad7bde0144776d4e17db2c5e65d0f1ff1d98459d1152dc16268db5d03461e22e0ae7d6a8089709ea0cedb9a06fb894e1

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    50KB

                                    MD5

                                    4ca0a116495c7fc86f4f11e218a50802

                                    SHA1

                                    9aa5fd6662dffd9372da99741bed1861400899cb

                                    SHA256

                                    39e6547d083aeb562d333c9a3d17bbee3a2364993cbdae4c8c98414b3bc69fdd

                                    SHA512

                                    c7def82fffc4b3c0ae5ba24f4f62ba3e77da4807122b568a1e88cd9f8e98d26591c710e59e7443b813ad3c8d52488fe167431f998260ead36628ced884e39207

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    50KB

                                    MD5

                                    2778cee6882883429b2fb54f3b3005b9

                                    SHA1

                                    1f3d952f21a14afe220d8b14828e7e518b7d56ba

                                    SHA256

                                    f8f7c701773cdc50814b1ff0ac3f0319c9247194586964a540bf91de3ca5a3b2

                                    SHA512

                                    476b7bddc236f3c8367ac5ee490c9d98cac43b8513a16f3a7b3055857bcd4950f16ab8aceeae514b9760f7b27913e2af315cbd7b17fabe4b537e43e3424824ff

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                    Filesize

                                    2KB

                                    MD5

                                    ff13336bc9d5367c6de3ab7c2ccc9876

                                    SHA1

                                    4ed3bf815f719d977479c06c6dba670784b48a8e

                                    SHA256

                                    f94e40edaa6ff25852ca23246d16dff26a787febfb8cc7d727b7991d973ec5d4

                                    SHA512

                                    f10e3f67b7c72fd24798a4c2d3cac5653bd00ce9ccc8a474c18004de97669c6fae594f8a4478a3db736b28a4f67b2feee1668763dccce264eb03ac64cc781823

                                    Download Submit