Overview

overview

6

Static

static

1

e0c66a8cb0...8.html

windows7-x64

6

e0c66a8cb0...8.html

windows10-2004-x64

5

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/09/2024, 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e0c66a8cb01058c93930c83a3efacc8c_JaffaCakes118.html

  • Size

    9KB

  • MD5

    e0c66a8cb01058c93930c83a3efacc8c

  • SHA1

    f1da81cc141caee65372f6b4c8a5cff40f017a71

  • SHA256

    42c433ab7f586921d13d10b73e8cf20e1524bc8b04fd7eba0002bbb68d9af3b4

  • SHA512

    4aaca7228ca5efde8c35c34b911f2074883e0183da2c5a497b2dffd742c40985e0686148234bcdf414b1f6a3d4f9d2b4a61617d84b8ae39896e95d1a44694271

  • SSDEEP

    192:eFPNoFe4/fYVZOR4e+WYQAl7clUbT1lOCqT7aH0peTL8TBIhPq:KtGf7R4etA5ceb23l82ug

Score
5/10
paypaldiscoveryphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand paypal.
    phishingpaypal
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e0c66a8cb01058c93930c83a3efacc8c_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e0d346f8,0x7ff8e0d34708,0x7ff8e0d34718
      2⤵
        PID:116
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
        2⤵
          PID:4944
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2376
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
          2⤵
            PID:1540
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
            2⤵
              PID:5000
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
              2⤵
                PID:2036
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
                2⤵
                  PID:372
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4144
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
                  2⤵
                    PID:3900
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
                    2⤵
                      PID:1512
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
                      2⤵
                        PID:3196
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                        2⤵
                          PID:684
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16230286505805998804,7132533351507290406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1276
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3352
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:544

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            eeaa8087eba2f63f31e599f6a7b46ef4

                            SHA1

                            f639519deee0766a39cfe258d2ac48e3a9d5ac03

                            SHA256

                            50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

                            SHA512

                            eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            b9569e123772ae290f9bac07e0d31748

                            SHA1

                            5806ed9b301d4178a959b26d7b7ccf2c0abc6741

                            SHA256

                            20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

                            SHA512

                            cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            189B

                            MD5

                            efd079652ad21c50d69ad30ccf61a40d

                            SHA1

                            000bc74057bb6ab42d2a160349e1597edb211bc2

                            SHA256

                            045646bc1a87f1ce57c87ba8a6ed5332e36f71e667ac712be1df2fef80385f8f

                            SHA512

                            35f643af8bb12bb445e3e6ce7577376dc69010ddf8d7e76752d703cb50f091bdeb9947b9718baa6e9e286d69df19a794522e446f29d58dc26dfea571045f51ab

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            d023a798ee4ea2a2f1d317be511a56c2

                            SHA1

                            191a467562493cfb89f68e354501f8e2e27d92d2

                            SHA256

                            dc988dace0d2949e633dade0c2e174ae8820363d6238fb102c7ecb74fcd58707

                            SHA512

                            76096b4add997c707e84b767b3c010657d567c30038c5ad00f4e94241f8c582f880796b65f170a28ce4ef0be97306fc5bebe601c1305329e54b948686f019128

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            dcc0eb52b31f6eb39417bbb2a2e94f99

                            SHA1

                            47dda76fb715d459419d082f092640362ca05429

                            SHA256

                            6cad3f5a634781f39c718b903dbdbe8142af812858978edbb6366bf64be49dad

                            SHA512

                            a815d38bbb294177c104ab18ad76e1ace832042454ef75d57f36ca0e0e578587068386423288da2f3b884c6e0edf28a1e207498ea68c8fe955738abf3d45084b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            bb0415c3fb5b1940019483e9a3cec4e0

                            SHA1

                            841417dcc238e491d727067e922ae6b29579028b

                            SHA256

                            cce07c8a9588ca5c955c5ad483f11e9d7ec3e6b9bdd64bd154d32e858551aa95

                            SHA512

                            87621ad93a2778d15a46fa94b0fed328d7bebbcd352372aaebfb8910cff415e255a350261eb11fb40a4aa7ee47310c5d0fa87f6c80ab2844c623e3941a87e709

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                            Filesize

                            203B

                            MD5

                            a42b56875cbdfd47fd251953277cbeca

                            SHA1

                            5aefe8164b31b10d6d4cdcaf19dc89e0137ea92d

                            SHA256

                            218e41177c37c60a7407452c339fd2d0c7fe6f93ee275935048557900bb5985c

                            SHA512

                            7a06a6b84b77accf3e83d79b97ac98cd3915d148da588106dc4e841a1d4f6f5b209dee27226835f1c82dddb34fa8f84a6a222ae0fa4957fd776820d459ced003

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eef4.TMP
                            Filesize

                            203B

                            MD5

                            e121f22c7e9c7278708cbee377dd8b8e

                            SHA1

                            f5560e4e820126f789fd7b62b1bddddea25bf962

                            SHA256

                            9d10401fcaf70c6c6f8aa47be43b0086c3a7d201620d02328caedb43ffbeca30

                            SHA512

                            bef9dc54b43ad4a2dae0513c462794a9d02e147292ac39ea158c22fff9177272db3489a0b62e8787381056b7d02ebb3e01fe2780c8279353bcaaf91cc797a289

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            6de78db76865207f8eaa6378c31312bb

                            SHA1

                            a0574d96197228861467d6775d728743fbf842c0

                            SHA256

                            02d421ff60737ce46454ea110e12070e3cd908459064f20050f96e72b77f10a3

                            SHA512

                            cc1d2097c9c38167de8ecb8fbe02ba3d1615cf55b8079e0fa5797fbfeb6d7b16e11b9b96249ef7058d82c299c59c4d884e374b55e5c7e065bd2fe64b0a835025

                            Download Submit