Overview

overview

3

Static

static

1

0847c4db47...8.html

windows7-x64

3

0847c4db47...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2024 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0847c4db47a235f8f711d12befdc85f7_JaffaCakes118.html

  • Size

    32KB

  • MD5

    0847c4db47a235f8f711d12befdc85f7

  • SHA1

    4731dbffec3971cc60c3d124bb1c9e71907efb80

  • SHA256

    f293027161ff7d887a95cb29413a5e9836f7c5a3747b12ff815d0d631c29941c

  • SHA512

    fd81bb3eb0c119f442e7c91b76cef0e0cbbdb6abb10e8a86f156a4d5febaa5b443818977df4f58a9a66a60a488ad760f7505e05305cbc45f75b7829d69c784dd

  • SSDEEP

    768:frS0m8//PZPrrgHaOiKOmhlPYXxAEAB9//UG5GlCWewETJnmVtk75DJpEZfP6zZO:frXmo/PZPrrgHaOiKOmhOXxAEAB9//UX

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0847c4db47a235f8f711d12befdc85f7_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82e9a46f8,0x7ff82e9a4708,0x7ff82e9a4718
      2⤵
        PID:4012
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3611838359529789223,1291016488536412872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
        2⤵
          PID:3700
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3611838359529789223,1291016488536412872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4852
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3611838359529789223,1291016488536412872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
          2⤵
            PID:5012
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3611838359529789223,1291016488536412872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
            2⤵
              PID:3472
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3611838359529789223,1291016488536412872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              2⤵
                PID:2384
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3611838359529789223,1291016488536412872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4540 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2432
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:1672
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:2284

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  e4f80e7950cbd3bb11257d2000cb885e

                  SHA1

                  10ac643904d539042d8f7aa4a312b13ec2106035

                  SHA256

                  1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

                  SHA512

                  2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  2dc1a9f2f3f8c3cfe51bb29b078166c5

                  SHA1

                  eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                  SHA256

                  dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                  SHA512

                  682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                  Filesize

                  182B

                  MD5

                  2dd26bf7e3f907e950593265160d32a6

                  SHA1

                  88dd95d3cdc297c136b0b9c914e7a6f13b534dca

                  SHA256

                  0da4e79e4e6632bc7e68e2f2de05b9861fd34b3162a6b241c1285febeab0f4c6

                  SHA512

                  e1c1a8425df51059cba45b09960a0b8085bf32269d6b1391de5929501bafafee5c13be65f1cd0350230b0c68186cee5230e3da89e20ca7c299b6a9fa779be6a8

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  c47c0ebed8292f2f6c1a682f64bbf796

                  SHA1

                  125fcfab49294de76f2f1d9c0782d4d175bef9db

                  SHA256

                  a16048fae651c447b11ad41d3742acf30a06c9a287bd481d49b1be156fc12f20

                  SHA512

                  b3f1cfaad1232944c0fe581da82c164c3681c56bbb60ecd40ea26a545b46ee1adccca887e4bcf57354b6627da0c70b230dff8cb68c4098428e5ca23f28ef9e17

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  46277fa77e3cd1d2b8829289fbcb1fa1

                  SHA1

                  cec748f5d0df41603b766071234b38da52daf8bc

                  SHA256

                  c0f5dc2800e146665e0b3bb691dfaf677db823959d6f8d4cb7d711933b0e7319

                  SHA512

                  76c896c5d79b55a2e4642049870ea3e13aa724a99ab500ee8f90870ed2f3fc78a5f90fcdcda1202ed89fd1e2923b5ba3d385e2a51845b10743877233eb49c8ef

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  10KB

                  MD5

                  e131d24d1b3d6339b1f76df9833a38fc

                  SHA1

                  853fe1483bd20b1717228cb550fa7cbb534f6297

                  SHA256

                  311185fd1431cc06930fd5f0b13484c743afe5f7657d87b967eab6e1c1e3a1ac

                  SHA512

                  37a6d987107f08f18b490f1f4a95f17a1686a4b51c3f1c5edf01bf221c7abbdbac212d171abacb100f3cee3cd981710780ee1016bbe7e75baccf34d526fe8e79

                  Download Submit