Overview

overview

3

Static

static

1

f9c01fb0a0...8.html

windows7-x64

3

f9c01fb0a0...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-09-2024 04:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9c01fb0a021a76d2c741aabf269dc96_JaffaCakes118.html

  • Size

    359KB

  • MD5

    f9c01fb0a021a76d2c741aabf269dc96

  • SHA1

    3a68a6e39b580145e308eb8fe8efa068c154789b

  • SHA256

    d840451e42b1f700bdf2987cbf77d78590b2fc8e70e9b7f70f6fbd7e76d09650

  • SHA512

    710a8e80b5d82633f90d95d8e0cb34ac448f180b92a724c95dae3be3164acca2c81515dce9dce9f7fc776e04a53be157bdedecf673fc1bac2b0ffdde14352dc4

  • SSDEEP

    3072:lumNbqLljT4oxZwHN5q23dgoRGoU780ni5eSid/zzzVltBsi2PhbfR8:lum7LHN5D3dgoRGoUBni5eSid/IPQ

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9c01fb0a021a76d2c741aabf269dc96_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3444
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd76d846f8,0x7ffd76d84708,0x7ffd76d84718
      2⤵
        PID:4812
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        2⤵
          PID:64
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:60
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
          2⤵
            PID:3984
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
            2⤵
              PID:4488
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
              2⤵
                PID:2200
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
                2⤵
                  PID:3792
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
                  2⤵
                    PID:2532
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1340 /prefetch:8
                    2⤵
                      PID:3060
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1340 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2464
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1
                      2⤵
                        PID:1528
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
                        2⤵
                          PID:4968
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
                          2⤵
                            PID:532
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
                            2⤵
                              PID:3532
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2542931404878283715,4169530458781329293,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1180
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:924
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1164

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                9b008261dda31857d68792b46af6dd6d

                                SHA1

                                e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

                                SHA256

                                9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

                                SHA512

                                78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                0446fcdd21b016db1f468971fb82a488

                                SHA1

                                726b91562bb75f80981f381e3c69d7d832c87c9d

                                SHA256

                                62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

                                SHA512

                                1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\77dc6af1-0a50-4c23-bf7d-9fbeef3dfd0a.tmp
                                Filesize

                                7KB

                                MD5

                                d316083184c1b3fcb6362a4519c82bea

                                SHA1

                                b9bc766f7b211bbbc6b3f353295347553c92bbb8

                                SHA256

                                e438a990d3dd673e9906948c0184b6508f29952eb0197dac0aa400d920f199eb

                                SHA512

                                63474b86c1b7285f80248f7021b5aaeb06af7ab5a27945dced52313d045b00f845771fa0d7ae6b99886e63e9c42fa0e0f4c5f7d7717a0b3688335b720327994a

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                264B

                                MD5

                                24516d639b85bf46d3b84151b7d8fdea

                                SHA1

                                a014918e79a9d87344feb76405b5b463f6d5594b

                                SHA256

                                49c6082b672744439b4e7045117b5440786226fd9b537846fec6bcda7f6e85a3

                                SHA512

                                188facbe81143b622d6bedff6cec77ac68d57bd5eae8101e2666b70c071c5bc5b84f2ba292d38021c227852189001d98c1ed40942d53cc49049514047524970d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                2KB

                                MD5

                                99e93c5f33cf24f74d80b8b2641306e4

                                SHA1

                                7593049e20289647a5c6ac10be36aa1da85a3ccf

                                SHA256

                                36fddfcef3610f8fc663b4a39118cd997613e39c79f85f4bfc51b438344e11e8

                                SHA512

                                feb0a92cd29004750e0e22ce8eea650ed6d5c5a79f4f19949dfaccc3b84dd6483966dcb46737aad0ecdc8d4a9aafd1140d475dfc15405a2fd333ab7b7974ece9

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                d51d9f5f7b5edde125e09dd5fd3f99de

                                SHA1

                                3cf18fc809c515e9a518a526be98b1329ffa97d8

                                SHA256

                                4aa037733b1e633a49b94e153b5453649472b07b9a3f52f49262aee4ad86f14e

                                SHA512

                                9e00a2da1c0174d63e98af28a9144a58b317db37ee51104a2572c9831f154b6f84126ab649dbdf5ef2c0f37481642a01520313cca314f4e628e2a1d79b4943d4

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                7KB

                                MD5

                                3d1b0ad0eeacdb11ec9419f3fd7de4f6

                                SHA1

                                34b22960b69ae37f33a7d4db28744c4c6b1866bd

                                SHA256

                                268894e390db88b03eb94498b4762d9a6db07dcb185507a6b3446c7fd1ce78f3

                                SHA512

                                b61a57f2efca62ed7a92ae70ccc0b0982d29dc169acb42d207efcfe0813c60abf08e8dd552477e5388d5cf279b5243231ecaab3b4204d4d5ed223d7cc31665a0

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                17cc0e2f7063c700b20a8847340e3955

                                SHA1

                                d4c552c85402b1fbb37fe52a5615f61ed5a2bf60

                                SHA256

                                2f49b281c942cd77fdc115b08bfc6c0445f07f7c3df88b9261a23fa76b2ee0d3

                                SHA512

                                b45f0ef3fc4080ccb6462e65cde976c19064d324215bd60b603341b93870a1b9d4fa03169ef8e4b2f44af07730f73f2fc3284b1c2a47e3b9d745a00b6386b0e7

                                Download Submit