Overview

overview

10

Static

static

1

ff55cbd10a...8.html

windows7-x64

10

ff55cbd10a...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-09-2024 21:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff55cbd10ae02b654a56463a78da41cb_JaffaCakes118.html

  • Size

    669KB

  • MD5

    ff55cbd10ae02b654a56463a78da41cb

  • SHA1

    98cd59c3b114006aac1f863070725f1a54c4221e

  • SHA256

    b168e3851b61e2d90524427e21c998ec5d98ac3b036b360f7e2629b997bfd0ca

  • SHA512

    0c618e33f8ee0943570a197530528103d709c8b3325b6a98b74076eed8c354a4fe0d7ae1b18ce377ab36eeb3b1deb9a887924b61c244271cbd16994dbc9eef7a

  • SSDEEP

    6144:IJHosD2CHhZYpFxv3Pq4fhQ4h21x7gqdLcLeUsb72zb+M347enRA6X814C6JKi3x:I9L6X8t6JKiK8t

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ff55cbd10ae02b654a56463a78da41cb_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3224
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe59b146f8,0x7ffe59b14708,0x7ffe59b14718
      2⤵
        PID:4352
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
        2⤵
          PID:1216
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3124
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
          2⤵
            PID:4424
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
            2⤵
              PID:4236
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
              2⤵
                PID:2364
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
                2⤵
                  PID:2768
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
                  2⤵
                    PID:5016
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
                    2⤵
                      PID:2896
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
                      2⤵
                        PID:848
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
                        2⤵
                          PID:3956
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
                          2⤵
                            PID:3264
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5044
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
                            2⤵
                              PID:540
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
                              2⤵
                                PID:3888
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
                                2⤵
                                  PID:1240
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
                                  2⤵
                                    PID:2236
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,14281089959572726619,4859608976661624631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5848
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3912
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:1240

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      ff63763eedb406987ced076e36ec9acf

                                      SHA1

                                      16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

                                      SHA256

                                      8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

                                      SHA512

                                      ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      2783c40400a8912a79cfd383da731086

                                      SHA1

                                      001a131fe399c30973089e18358818090ca81789

                                      SHA256

                                      331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

                                      SHA512

                                      b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
                                      Filesize

                                      23KB

                                      MD5

                                      c897f8479da25ec570027594f1b4db24

                                      SHA1

                                      81a3ff06cf35a87e697fc4733966dffc270ad06b

                                      SHA256

                                      7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

                                      SHA512

                                      b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
                                      Filesize

                                      61KB

                                      MD5

                                      529a606ec93821f9c2706ebe993e1ca8

                                      SHA1

                                      9add401d95927c2000b81e9d023440ffb2dab103

                                      SHA256

                                      df1283cbc0a6fe37a59059001208514d5b254b59be8074b1ea0e7cab49e43e39

                                      SHA512

                                      bc789553300e2d22a71b3d146e9bcdb963bde8263fbb9e1d6a3fba5ac68432360fd27d41e66f3278666e639e36c670453082a8b9bd3770728a87acf742414b37

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      312B

                                      MD5

                                      0b5bdb9a64f998268477cb5b12cf593f

                                      SHA1

                                      b2475b623f1f6464b3a349a191d44770085bd62f

                                      SHA256

                                      37891c032dad1a0c9e09350c1e92828be41f4fb4ebd0aff4a9444b41e458b700

                                      SHA512

                                      d9a686f3e117c9b057255fc11ff4fbb154d2bde03774c6ad521e035e9824d55ac5b6d2947bed13e330b582dcf9b2a03539e21b1c6677678e50d39ec7a61bafda

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      2KB

                                      MD5

                                      8c764b22ab9b928fcd50726c08b52bf9

                                      SHA1

                                      583a68ba88b85efbf76fcd107f0ab147e8d0ca41

                                      SHA256

                                      33cbad00679b90f1cc8950897d3560b594025eb9bdd92f3378b0e37794d41bf5

                                      SHA512

                                      3332f940b8e0fb22054025ac596c42d767eef773b1730cc4c5539907e00fade86a34eb5e4d1d3e571c3bc8aef0e836f4f1e7008c5bcf6f6c6bab6f2cbc6d0ee6

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      2KB

                                      MD5

                                      bac01dcdd284b392e85de26904169920

                                      SHA1

                                      fdf085e0138caa310da974a41bfd502d0580d7ce

                                      SHA256

                                      d804c7dd3277e13dbfe43c8846cc198a8bd2d98e7dda60fb0add3661f8dab11a

                                      SHA512

                                      3b393778a9d6faf6193497a4d77c8d5deff2c09de393dbe4d8253bdec3e69360aeca26a851713ee7e2266f3006c1ce682729b719d0f2f85e6019f2fd61f18ca6

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      0884f70fe62cc17512361ee80f9cff78

                                      SHA1

                                      8098599e78ba424a94a763362eb352a3a1a80438

                                      SHA256

                                      0e906d693d8bbc93dffa1c886f4e5e959face4ff8e1e20a071ce6d4464a410ff

                                      SHA512

                                      ac16d283c05af244d7b811946d5ec08a5e1e0b26a989100ef825ca84f0aaf4b22d29e6a26a679f3c7de52707e7ecbde6718af52b873e8587bc7f7953daa110f5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      72072a6a6696de16afd40a29707e64d7

                                      SHA1

                                      81fb5aa287a86f97e7517f4da6c5b99d8b5eab67

                                      SHA256

                                      377e4633854a07d121d4870b5668e37417046986b8392d865318478c4fae3c67

                                      SHA512

                                      35a06337154ad96ff75733a5acb94dcd1db8c3e9c71562725cab97cf2a295337f51215144227f2ad7e53482996f10a841f0de87a8b9b2917d57a6b4ac78f5fc3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      86262bf4a8654cad78a8cd6114682c05

                                      SHA1

                                      0de7fd3266c317b3ed5709aef7b76b816b11d752

                                      SHA256

                                      ed4576de9d7432b439db67d9350b6e3375910ce7625f2987eb7c02d093fc5f7b

                                      SHA512

                                      155d89fa9a8d99716b2e89e4d4ef6674953cf97f654c3b8e97fb6ee9c14a182751a1988d51d5b42af4ea34659b192aab202ee76c92f4f26f8cc786651a194793

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      7cf5f981d75042fdda411b035d218885

                                      SHA1

                                      a22c1b58bec2fbd8998aa70ac923684d4e7ef626

                                      SHA256

                                      501c69b70d597f1604b4fc058f8e57729c6de23a5c5c10325457a036d78e119d

                                      SHA512

                                      07e9edd7f09f7e417a0265463dc457dcba328159575791c2315ce6f16747851030ac121f0c4612a682f0e2323adc64c0ec94c743bd6214efbdac589344c65ae6

                                      Download Submit