Overview

overview

3

Static

static

1

002f21980d...8.html

windows7-x64

3

002f21980d...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2024, 07:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    002f21980d0987d47ccc7895f9c5da6b_JaffaCakes118.html

  • Size

    85KB

  • MD5

    002f21980d0987d47ccc7895f9c5da6b

  • SHA1

    3d021b777b3151ccbf0838bfdcc49f7956a6c845

  • SHA256

    bb1f2f9353cec859ce2895b680b582337e97abcc5a5c2fdf9be3e43031a8ff7a

  • SHA512

    f1d7f3c565f8e6bd4388acc5c93d79b61a463b0e45184599aac42e6c15120849187a565eaf74dd7088b0d4573c0acb22ed1775f42ffdac2a10b242fa67357edb

  • SSDEEP

    1536:w+ipVn1BUNqvLKvr7R/VnVAWCUWSo0mjiMpbqqvmznhKv++nPLB1V2:wBvLKvr7RzyiyuznhKv++nTB1k

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\002f21980d0987d47ccc7895f9c5da6b_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe5ba46f8,0x7ffbe5ba4708,0x7ffbe5ba4718
      2⤵
        PID:4656
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2348431766639832784,2983437379997672874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
        2⤵
          PID:4876
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,2348431766639832784,2983437379997672874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1880
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,2348431766639832784,2983437379997672874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
          2⤵
            PID:1180
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2348431766639832784,2983437379997672874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
            2⤵
              PID:2928
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2348431766639832784,2983437379997672874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
              2⤵
                PID:3556
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2348431766639832784,2983437379997672874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2696 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:3124
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:4280
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4976

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  709c6f4a32b317f6487b598788b6353d

                  SHA1

                  50f44d43be9630018f0bd2acb1528df07cd05b7f

                  SHA256

                  353aff71e8cf078c88c836e66d86be266ddbe36496a597b9b5a5a87d21eae83b

                  SHA512

                  4f33792eb73a792c88e8e2dc8bef7b00a2af7b1b91f4bab0cd5076dd2cb9abbb752eb7e60a4c6204d15f9bca1562915f2468b94e5f01f79279e1e7469055f0a3

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  9ebc024cdb324eb41f33c6ec63d1458d

                  SHA1

                  f623e96981ee63c1b6879f682c4364fd5c2265e5

                  SHA256

                  23b9bd7316816043f42a80784e7f247f3afebd3dbe370fbc702189a6a0dddb1f

                  SHA512

                  6971b6430bc01a36c48bc1e41cf8c4bed65a2890837f7778a896072159940ae739d11834176cc7be6cf6fa0f2ea9e6764c30cd23beadcc88c390e5573bbad097

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  22892c9954cb50f81a86b01a9f10314b

                  SHA1

                  38903d3bcc700e590bd1eae0431aea473f162d00

                  SHA256

                  93bb7df70a0757fed404388acd17fe07d5a7e6164fef4511a9d27f7678da00a8

                  SHA512

                  53fb6dcaaff53f08b8d381a34f4d41f2d0edd6140b1f18c09e16e7b352eb69e801adf722c73214a83951e68ceee73cf68dd72d152c48fa4ecf16ce0944c43e8a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  4d12bb56b7438959abeb817a35a37440

                  SHA1

                  9d65f5dc5acfcbd1e3c6baf24030b818f1498c4c

                  SHA256

                  92b9f146e6b5cff099e23e4b12ec06e42bddbcd55406120960f634d9703bdfc8

                  SHA512

                  b55e8837478cf22ee86ea4c2656f9930bb03db96cbe029dbf53a02f544e924fea7358f6bf4347f685e0a98a78c425001f605e8a4fb3e5ee29a94f56c944b40d5

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  427325ea81997c80216c1c4e098bb5ef

                  SHA1

                  a90d006c9da64acb30ce3b1206d8be5d355dd8c8

                  SHA256

                  dad767e06cea582b7908296fdf4eb0add756a4bd20edf153d4055ed9c8f93f7e

                  SHA512

                  0dca55b5fb606e0b3db4d64f0478bfb177601c6f942c5477298458f0b26f8b8d8d8bdafd29de7a913155473af610de432924452dad211ba94199be23868ae754

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                  Filesize

                  24KB

                  MD5

                  494a861dfe3fb61b7f6e9a8e1f92d179

                  SHA1

                  903db9c91a888cdd2a359e921ea2c1a958228aa9

                  SHA256

                  46ffd9cec0b1524402f64218ea9584cb751cd61e56eae54ac0ad61c55273c690

                  SHA512

                  f97bfb87546ee38f100ef52f6ee6d102d05feb378a940954a1953f5dc301e6ae7a91de2b2176dcac165a61abf867e06e3e31572a378b1abd9ea2768de76e7175

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  10KB

                  MD5

                  fd617e8912a609ac639924883ce1c8f3

                  SHA1

                  590e17c6351752ced9d75920194674bf63de212f

                  SHA256

                  28ec9fb87ad556151d7d31fc74fb17cf60890cb4e4d2592e96f2d86384baca24

                  SHA512

                  523e9c089dd289f8eef008a78d0ec56f31d19d80484f03ae1f3ef4cf3884246467daedf0ca6f5526eedf08d946086fdecec7593798041a8f9987e78c3a428c29

                  Download Submit