Overview

overview

3

Static

static

1

26fccfcf6f...8.html

windows7-x64

3

26fccfcf6f...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-10-2024 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26fccfcf6f1d9106932f32e52272aade_JaffaCakes118.html

  • Size

    432B

  • MD5

    26fccfcf6f1d9106932f32e52272aade

  • SHA1

    2fc714632812b82b46871f9367e5da860a093092

  • SHA256

    2cab4c9ea643e87c9c46c21011d681b16f5c46088a8186b34d39d3a9c33ca229

  • SHA512

    5b9830b250d6278dc6f39b25eb58c77ee6224e93b6792bb78a20dd4dc3faf7e1bfb3e292deef6073430eb8bb51778cf7b77aed2d36fd80d479c1b865dea92426

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\26fccfcf6f1d9106932f32e52272aade_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5068
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff6e146f8,0x7ffff6e14708,0x7ffff6e14718
      2⤵
        PID:3860
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        2⤵
          PID:2808
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1592
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
          2⤵
            PID:452
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:1028
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:768
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
                2⤵
                  PID:4972
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                  2⤵
                    PID:4624
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                    2⤵
                      PID:4232
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
                      2⤵
                        PID:3004
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2072
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
                        2⤵
                          PID:4812
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
                          2⤵
                            PID:3180
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
                            2⤵
                              PID:4576
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
                              2⤵
                                PID:2404
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                                2⤵
                                  PID:1636
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14714553726142292822,1917212314223168867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2024
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3868
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:5088

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    85ba073d7015b6ce7da19235a275f6da

                                    SHA1

                                    a23c8c2125e45a0788bac14423ae1f3eab92cf00

                                    SHA256

                                    5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                                    SHA512

                                    eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    7de1bbdc1f9cf1a58ae1de4951ce8cb9

                                    SHA1

                                    010da169e15457c25bd80ef02d76a940c1210301

                                    SHA256

                                    6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                                    SHA512

                                    e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    343B

                                    MD5

                                    b6622528cdf558d8cd951efae72671bf

                                    SHA1

                                    cb368bd7a72a47458aa77477addd4ed3a3693dbd

                                    SHA256

                                    20cc8f40b22de076208d755b5dab38a2fa253cbb679cc6931b56cada50b7ce5b

                                    SHA512

                                    2d1fc64f5384b93280d702e26a029dc219ad5a2837f8176a2bea8c0d52b3b9e7f64cf49c996710473dc809539651c895c0727063f357a35f70c4e304129417c2

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    7KB

                                    MD5

                                    ebcf6fad81dfb1e1bbba93d52e7b5412

                                    SHA1

                                    67faf1a78f7e7a72cb1fb71a3f1231e20f2110b0

                                    SHA256

                                    d66d58b9b6f181a9f3f351e92d92a411ead430d6dc867d29ff2f75225f747f22

                                    SHA512

                                    3beaf4224a2ca982dab37e0977e1483729bd27f1dd22857873f9dfdf540d99683dcb54603dae3a8eee48a4e8a428695f124af3e7917ca448ec5b70939f919640

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    23a93bee43bd5919c88356686935629e

                                    SHA1

                                    5f8af812539a3c8b506b941df309ea4e22dc9b31

                                    SHA256

                                    ee9a79ebe72608b6cda3d4ae280e08a071c181f3bc5fb3371d51655e05f4caf5

                                    SHA512

                                    33b6b09d59ce612b1ce7034e057732b40527f021f2563e047f05df2d191e8eebcf657f79387e80ff0dd6c61965c37b2ab6d833b2cd3399d6086f8e3843e148a4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                    Filesize

                                    72B

                                    MD5

                                    4166303efc2bac15b38522f6a04c50a2

                                    SHA1

                                    202af375d281f281ab153f40fd4b40512773056b

                                    SHA256

                                    7226183840bf9ff67544aef7b5a88cb65042953b8feef8993ad5f69a26921b99

                                    SHA512

                                    d47073eaada71b61304d10bd9c0373ead8277b9330d5b4a32867075e65696bd5405eaa57f739100dce26adedcc71c3e62700ef1b7f5eec2bf3d39c60a6f8b3c4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fd0d.TMP
                                    Filesize

                                    48B

                                    MD5

                                    a1877958e80f4ea3976ec6daf5bb9316

                                    SHA1

                                    b0f8c1d5837ea3232b96d1e646b32b4a988acb54

                                    SHA256

                                    588c9c3774eeb53ad1df520aabb3cc6f07040202f9340eccdcf988e5444c05d0

                                    SHA512

                                    bea29057d9139ec83a15de70775edcb99171b7b1ef1ff0e52a22377ffc8eefe45ef6edda7a3f68b92228093019bf2e184ac970cfafe18b5c934799d03c442a96

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    75a1371c6832a291a5a5ed0b9fe0fc34

                                    SHA1

                                    833b38c9f4d20b971020e54b9c564777e2c534c0

                                    SHA256

                                    29b21f95cd7105794e2f620db2f5ef72db4267a20c6c4b2b383402c17eea33f6

                                    SHA512

                                    b438e57d0f02c029e4865e315f7c78c4cbbe3f76e6d8d90ee068534f9fa02a981fa4f8f0ca42dfaaa56620b8333ea814b106cdf72df6fcbf2f4e1a97eab79554

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    4bde001769edf6fb614b57b14be70205

                                    SHA1

                                    6eed310424190137f2981e0d37b4df81cebe289d

                                    SHA256

                                    256494d69e013f7f179cafba8c5ce46afeaaafd99c94a707938d3c84e397b157

                                    SHA512

                                    42c217c26c6fb6e07284fb3e19d56ceb0f6b67e0356437b12148ba4c40653e515ec0adb9d5d9db594c766eab59778941453cd88b85a8c2682c0b598badee73da

                                    Download Submit