Overview

overview

3

Static

static

1

15f72a654a...8.html

windows7-x64

3

15f72a654a...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-10-2024 03:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15f72a654ac653c18e30a387302c52f4_JaffaCakes118.html

  • Size

    10KB

  • MD5

    15f72a654ac653c18e30a387302c52f4

  • SHA1

    72843ce65714c43338f71eed8c8cb65d6cc11545

  • SHA256

    7221a4bbcbc57f5b735ac28a93a2aa0919dd468b7fce960868b338976f89f57d

  • SHA512

    2cc4ab22b32fbe4d4041fcb0c6d33a10f506e61a3c12f45403bdf2e0d7185a55765534116c8f72a67a698d6e886b6286916fc96bdc0dd53cd8ed790bdcbcadf3

  • SSDEEP

    192:j6+/mefWD0TsdiA8aUvyuwXHD+/rh9c911N1Wtop/GK5QJ6EgFJf0Gm8uI:j6+/m/ysdj7uwTU3i11a6OJoJf0Gm8uI

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\15f72a654ac653c18e30a387302c52f4_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa62ab46f8,0x7ffa62ab4708,0x7ffa62ab4718
      2⤵
        PID:744
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        2⤵
          PID:1208
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4964
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
          2⤵
            PID:3688
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:4364
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
              2⤵
                PID:3600
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
                2⤵
                  PID:4376
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
                  2⤵
                    PID:2688
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
                    2⤵
                      PID:2648
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
                      2⤵
                        PID:1404
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2840
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
                        2⤵
                          PID:3732
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                          2⤵
                            PID:2716
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                            2⤵
                              PID:4520
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
                              2⤵
                                PID:928
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13118246880510656032,3494748608180489771,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1256
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1928
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4816

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  ab8ce148cb7d44f709fb1c460d03e1b0

                                  SHA1

                                  44d15744015155f3e74580c93317e12d2cc0f859

                                  SHA256

                                  014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

                                  SHA512

                                  f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  38f59a47b777f2fc52088e96ffb2baaf

                                  SHA1

                                  267224482588b41a96d813f6d9e9d924867062db

                                  SHA256

                                  13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

                                  SHA512

                                  4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  72B

                                  MD5

                                  ccb9e9bfc0fd83be32087219eb4654a3

                                  SHA1

                                  ac1e5d1b824d0fd0180ce6550656413673187a86

                                  SHA256

                                  f7baa3fbb13a857dd2eaa5ca54fb920301450d0dbcb2c63600fadc73c7a8ba3e

                                  SHA512

                                  5af0edd8a286a53c8ceb0a0dd9056f8ad3dd8311c582704300a7fd528197e49182878e5657ee9ee1e48a5d458c64ce7618152bbe06516865316d7c54ceb836dd

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  422B

                                  MD5

                                  fd72814bb07af9b4f6563c9fba2049fe

                                  SHA1

                                  ebf52415a3ac200e12846f3b0d5d7b0c2fd08761

                                  SHA256

                                  7e6ec2575ba837d71b5f383f19675d7e15ceea19ac9217513d970f66d3b7a975

                                  SHA512

                                  040e47aff7c057e59085dcd6e7ab38fd7402852c643230a7a5ecae98a3928f07acdc60a02c02bbd0bf59748bc93d1cf3aeb514b77dacb2168ab752ea359c259a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  2904425c47a3f2147c0ed1c1e76faa11

                                  SHA1

                                  ff25ab996dd53f29dd6a096071bd4db287f60d9f

                                  SHA256

                                  0f0a1a1567656e85a8b1baf0a01fa2ef67df418de8860ce01a443f68499aad30

                                  SHA512

                                  6fe7aedd76faa22d4368f6251385a1b1170a1a4e35813492e1854bc51317830f4477804c24f86966dd24f328d914a1a0166ebe879e9ce2f7a1aa7c6593fc6c42

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  9b9f0630a0b3d4b1d11ba033cc82f6d2

                                  SHA1

                                  db5fbef761d87eeed043c8d05d8167536d423b45

                                  SHA256

                                  987ae28fb93f79aa7453b5567be28cec10c3c5843fbec774639a6519f999c29b

                                  SHA512

                                  a558ea0a750424ae1e44ad59d9e991e3bbee10324359c8fbfeeb5d93c21a5359ff4e5cf9ca2968980b127d95c0e40c37d4f905d52cf80d39e22ccb153513887e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                  Filesize

                                  704B

                                  MD5

                                  4dabfd9813f1c1ad9c3efed372f05b63

                                  SHA1

                                  9b5b93077d134f49283dc1894d793ed0801371af

                                  SHA256

                                  f361ae226fd36ba93bcb59ddf893ca0f35ec1223ebcfea2d3ac5e83e1f053bf3

                                  SHA512

                                  e7bbf3b88db082d68b3d35963648e8b1c74a715c0817d92a4c83b363d07928df73d3e8dc6a75d7a8ac34962c1601107d707036730cc6022575a09493c8f7c015

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c8e.TMP
                                  Filesize

                                  537B

                                  MD5

                                  d62c7d3f4b5655f75c55007d8e40ad0f

                                  SHA1

                                  c6d1b60123e9be1ac86eda6a961030952be394bd

                                  SHA256

                                  fd341628c018f81570eed515b739839d1d7859b578de451b1c334fa218a95494

                                  SHA512

                                  3cbec35a3a1db5dc103e8e07dae8672bbe26f347dd1232fd7e5cd06f113d0d8b4664838b0bb217ae0632e8b7c44351e6bc816f1846926c10c392aa3da1d3731f

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  4e9ad23e74c51c1f6c698cbae5d70da1

                                  SHA1

                                  de00fdd0ec11d52546525f5db0f28a29f51b9902

                                  SHA256

                                  bde9b9ba1c13b9c47de66e90baf7a02a9a6a3debe3c244b18357bce0a08c1a76

                                  SHA512

                                  891a952332051d9907e684716059d619d01ca4e1946976d1df7d8503768dd3545db0f1bbc21a7874e8ed811f43d50dab37758fa609fe41170ddcc846d2d851c2

                                  Download Submit