Overview

overview

3

Static

static

1

fac4d95e10...8.html

windows7-x64

3

fac4d95e10...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-09-2024 19:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fac4d95e1092c2773ca3a796b03ff16c_JaffaCakes118.html

  • Size

    22KB

  • MD5

    fac4d95e1092c2773ca3a796b03ff16c

  • SHA1

    8d0a5d04ea9e853e13e845acdcd97c09efbc5b84

  • SHA256

    4a41007510924a65cc9747f48d1869455dbd7fc329ddf9b29011d225405a4b80

  • SHA512

    dacc7d9910fac8913ef4b8bf322d0ee9ce9312a10b91b490bccb380b37809e8180a1fd4673af54c6b9782c728f13bac1199b35866330d96bcb31b9e699993f0a

  • SSDEEP

    384:wk4a3/TZAuGU/jIB0nDBMTQLy7iHOkLFOiwe50y:wkpdAuGEjISDCsjwe57

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fac4d95e1092c2773ca3a796b03ff16c_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c8c046f8,0x7ff9c8c04708,0x7ff9c8c04718
      2⤵
        PID:2976
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
        2⤵
          PID:3652
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:400
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
          2⤵
            PID:2284
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:2920
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
              2⤵
                PID:1632
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
                2⤵
                  PID:60
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
                  2⤵
                    PID:4148
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
                    2⤵
                      PID:768
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
                      2⤵
                        PID:3532
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2316
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                        2⤵
                          PID:1496
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
                          2⤵
                            PID:1084
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
                            2⤵
                              PID:3232
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
                              2⤵
                                PID:3368
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,8345658367040243382,9207812470534951324,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3016
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:656
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2024
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3620

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    e4f80e7950cbd3bb11257d2000cb885e

                                    SHA1

                                    10ac643904d539042d8f7aa4a312b13ec2106035

                                    SHA256

                                    1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

                                    SHA512

                                    2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    2dc1a9f2f3f8c3cfe51bb29b078166c5

                                    SHA1

                                    eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                                    SHA256

                                    dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                                    SHA512

                                    682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    456B

                                    MD5

                                    5d977a20c43516ef3864a92a34dd5ebd

                                    SHA1

                                    487249b11b9d68bf3a33a5702de15c6610de0d33

                                    SHA256

                                    56b418cbfb9835640023cc2a0546b1389443b963195491e85c5322d9b2d680b5

                                    SHA512

                                    1526159fb1ee7769488e2418e6954b4c9ee58689ba9259b918fb1256e0557b0a632a2fffa4798550b09a7c91aec7472455b6b52188ddbfcc6e2d1a6eac667969

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    2KB

                                    MD5

                                    cc741ff86d5568abfe692719c6a92542

                                    SHA1

                                    06c981314f0be040059a90382440f22087750a64

                                    SHA256

                                    42108293264d2076be9caf60579696dfa9e1451f7fb99f36bf627223b05947a8

                                    SHA512

                                    dbd653e736e8bcff978c416f154a9882633643516a85052e5058581c49085fff8efdea7e190c5ba1fca8987590e75af75c43249d9c0bfac3b112a2e9ba2a36ff

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    d90ca5d049280aa662e9ce7df85a9fc0

                                    SHA1

                                    764914a8c2e2cb7b259989ca281a2acaa52a575a

                                    SHA256

                                    d2c42942c79354257909ccdb5e9f5f3c040dc3135fd0dbe4fa1cb55d691cbfb2

                                    SHA512

                                    d55feabda733b1ee5d3a8bbd898d5785c6d70dd09d9e801e5e53f976c6f235b1edbc80a925441500418251a372f508f3a8d0261a685cd2a40f51e39c777557d5

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    7KB

                                    MD5

                                    71e79ac7a975bfd3a9c504cb6da34bee

                                    SHA1

                                    61ef632bc33c3582324330ea0841bbc909f4b53a

                                    SHA256

                                    fb6c4fd7959cce5921c98881d8cf3b9882a494253a1139b874e780ed2869c27e

                                    SHA512

                                    910412f1306c249f529b43e54e726882cb214a320848297352384cf473d141b10ba0a8ab49fbca47eff9d138e22447ee39c572030aa50fd9057df17729e634e4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    3101ffe76d769242b099d9b3735a7d6c

                                    SHA1

                                    f2f0803d1774e11f5b8530b460cd63934979ed22

                                    SHA256

                                    6651e279dd4911861e940d6edd14690fe9759eb691131a180f3e9375ba01b3cb

                                    SHA512

                                    3cfe3ddd519294ea7c3c1b4d82a24fc533dcc65cff717202912d7a1fdbcffd95fda527650f8c4484ceac755b3e600004964fa969d79af98a1e408a9538fd9447

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    7KB

                                    MD5

                                    ffd981dc069fe6d7fb3ffa39863aba12

                                    SHA1

                                    4232dba3f1c70f54ce3f6aa89d577f74713435b9

                                    SHA256

                                    8d29b821f6b4e28694af4a62c3d4095024edbd465e2a5a9a0087500925170b7c

                                    SHA512

                                    74117e594952de7e2ef7bc49c148dc9183a8142ed402f31d09bfd14519c210f36be09696a3386f33b17ea4d8fbffcce7a0427e0f946da52ecc77b615b3e80932

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    f07bd1c0560769ab604970a4155c99c9

                                    SHA1

                                    c6a72d6e42f96f3def8a07a890d3c2c4e65c53b1

                                    SHA256

                                    a8420ac087225885f2e87bd2a9bee25327adcf25c4e6e84fe0abe393545abac5

                                    SHA512

                                    fdf77c130a95705922f2f975d72374a124a2db795ab41468510d67ee21fe7bb573d83c59c0596cf35fd29d5b0286eb7190b47e6bb40372e10ce1909af4cf8354

                                    Download Submit