Overview

overview

3

Static

static

1

13dc44272e...8.html

windows7-x64

3

13dc44272e...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2024, 15:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    13dc44272e22c3973a85087a35271790_JaffaCakes118.html

  • Size

    18KB

  • MD5

    13dc44272e22c3973a85087a35271790

  • SHA1

    74e7ba3037b54a68c35c4bac297467addf3395a7

  • SHA256

    e51478b6d4b9f004af95a2b49d79e5fcdf02d2a734b18d5dd38eb5342d9d5fc4

  • SHA512

    ffc46c21063a2876cabfdd78d48d88b242fd8f251fa9fd84540a1645855e1618b476bb63fefb9c30bed8a4bd6af5aa89acfb324cb8285a8d8e9a69e1faa8d22c

  • SSDEEP

    192:SIM3t0I5fo9cKivXQWxZxdkVSoAIX4LzUnjBhhb82qDB8:SIMd0I5nvHRsvhAxDB8

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13dc44272e22c3973a85087a35271790_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5116
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb974046f8,0x7ffb97404708,0x7ffb97404718
      2⤵
        PID:4436
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,18178789592494588495,8560683939198382861,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:4908
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,18178789592494588495,8560683939198382861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4912
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,18178789592494588495,8560683939198382861,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
          2⤵
            PID:5076
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18178789592494588495,8560683939198382861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
            2⤵
              PID:3612
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18178789592494588495,8560683939198382861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
              2⤵
                PID:2668
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,18178789592494588495,8560683939198382861,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4412
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:732
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:3668

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  53bc70ecb115bdbabe67620c416fe9b3

                  SHA1

                  af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

                  SHA256

                  b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

                  SHA512

                  cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  e765f3d75e6b0e4a7119c8b14d47d8da

                  SHA1

                  cc9f7c7826c2e1a129e7d98884926076c3714fc0

                  SHA256

                  986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

                  SHA512

                  a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  940a584cd357a9d3a5f96a90df7d5e28

                  SHA1

                  b91fb1c16bb2c3b6e392bdd6bd14948e8604a754

                  SHA256

                  96f2508d9dd3b982e5760fac37d4059ae05efe04a3611114ee58523a132b0a67

                  SHA512

                  7ed0c3dbdacc9c0db92682e9cd59398da56dcbf3a915ffd177f11ee5fc192e9062bfdf130cbf5c7e85ada6b8313d8310fc184ec77d2cc2d73e35160f469c8050

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  5c8bb1e62084b072e5042ad1d65a63de

                  SHA1

                  369ffe0ec155278f5836761a34ca7efbdc73fd35

                  SHA256

                  ec241b44b8505f753b03f81637b17ebfbbdec8cae13791113e8cfe24f5d1b654

                  SHA512

                  1d485e03c337443d29ea0da52f8d6276b68e820f97dc2de6a28a1b85d43316caf4195893cd0f1a9b46ccd5fc16bb7f832ffe805c31fe5a8010ffccc91b89955d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  bbad47db3098490a31dc5ec74412d0f4

                  SHA1

                  5e0174cceff529bccec10aeb368bbbb11a22826c

                  SHA256

                  170b276d7c7638a3e2cd37fbce3146f309dc5c2d3d355525feebbc038125bab5

                  SHA512

                  81107821bbd3907ec27443650021d587e912969a45cdc7b7877107983aa5418f0aab07dd6b2bbd6f90b1b88015d3fc1a73c68f0009d36437a2887a9347bed8f6

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  10KB

                  MD5

                  1bbe23ef9ad70ad0731b5579f0894d04

                  SHA1

                  70c7d53bdf1095f774cc1a31941ae9db7c7b52ef

                  SHA256

                  82e18090599bd5dfb2c5c7d12df5215d5a59171c27578d815a33aca526cb3cf9

                  SHA512

                  2f5745dbafeb3bea24b739b3543648a77c5ba789ca000e85ef18a4492d209a9b46567dcbf22c3dc48d4fbcb3c699cbcfdc8638138eb19e6e001abb2210e47e2e

                  Download Submit