Overview

overview

3

Static

static

1

2e44d175d4...8.html

windows7-x64

3

2e44d175d4...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2024, 08:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e44d175d400bc25396b0f2b95096c39_JaffaCakes118.html

  • Size

    43KB

  • MD5

    2e44d175d400bc25396b0f2b95096c39

  • SHA1

    0e53749755a779fc10b32819b3ead2a5179da608

  • SHA256

    583f1a946c07900364338a2b7fee240edafafd04373edea32b93adf99f52e841

  • SHA512

    8cd9685b8298480e597dd66cb389f4aa5747cd243446b5780571b25c54d8dd8bbcc9fe63cefc92189b9620c9e46742ec257bb0f4afcf0fa53e9d5c76ae514bcd

  • SSDEEP

    768:b3/sp02e4QWKnJ4YeP/QS3yszxzqk+q5fjIWt/Ue22eyaEe0jxjHR4ByeTT3UyXK:b3/sUeP/QS3yszxzqk+q5fjIWt/Ue2Rq

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e44d175d400bc25396b0f2b95096c39_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3f6d46f8,0x7ffe3f6d4708,0x7ffe3f6d4718
      2⤵
        PID:3200
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        2⤵
          PID:5068
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4912
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
          2⤵
            PID:4744
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:1696
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:4512
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
                2⤵
                  PID:3748
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                  2⤵
                    PID:1288
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8
                    2⤵
                      PID:4920
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1600
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
                      2⤵
                        PID:2152
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
                        2⤵
                          PID:3672
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,4473191355177323161,14560579439323741747,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3500
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2388
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4444

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            0a9dc42e4013fc47438e96d24beb8eff

                            SHA1

                            806ab26d7eae031a58484188a7eb1adab06457fc

                            SHA256

                            58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                            SHA512

                            868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            61cef8e38cd95bf003f5fdd1dc37dae1

                            SHA1

                            11f2f79ecb349344c143eea9a0fed41891a3467f

                            SHA256

                            ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                            SHA512

                            6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            309B

                            MD5

                            65e3bdf163cf39e44eddcab3bec7ea1a

                            SHA1

                            111355cda6f5312c9e4174b48de4859f0df7474e

                            SHA256

                            e9b3aa046d724732415c783be7e8cb326bbe1deb7a0cec2a843a60f374f970dd

                            SHA512

                            067d83499bc883b49c21fa2142c10ecd4cebb401b600b1bdd927bfbaf2701c800414f59c3a00d443981f75215d0688bc28f345e203041abb3dd280fdda6c89ed

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            687b648a7ecc0d06cbf52b26a0119701

                            SHA1

                            1c497fa5a052614edd7c916189d25126381bb0b4

                            SHA256

                            f5c4dba514c45ab86d4d3161277e08bfa7f8efb026c1a38ad7cc012c603f03c2

                            SHA512

                            1fb1dd2a4316c6df4824a7a33eac740c33ecd603a9f58798421c6cbbf294e7ad718f249ff5d32401a42d4430b8b8c8016b641f874ec9ca14d161b8baabb304f6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            1663dce3b32a8a8db6ed27fd64bb94e1

                            SHA1

                            f5adc3df7346552ae32e44540a327ff6032aa953

                            SHA256

                            5a386ae2fc274c03ca41f91dd2d852678aa3ddbc1cc811d6937926108353f361

                            SHA512

                            e55bf22c3298cd5edeedfcf2762c32215b0c86a5630071df0aea5a7bce041d575d986bc6bc51388ad9efbd7de98b1be882bea9b5b0f684795f02bc49778e4172

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            1cfc34baceeea873b372221580c8e419

                            SHA1

                            53e0aecee24d3e0d52b7c1ee3a01267d411b9b9b

                            SHA256

                            5f7061e96facb3c12e33bd935b1569b044776376b6f77f36b7b5576e96511bba

                            SHA512

                            237eef342eecb45d611313935ee7959a9ad8faa05c683762216c83c6aa46e246007430021def5948daa8d5d7900727db4a4d72c6dfc5c113bafac510309b5b0f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            2d80895a967a8ed4b13bcd1b8186de96

                            SHA1

                            4cd6e6d590d80425743bc11727b360cd4f5b9efe

                            SHA256

                            74d76f10e437e31e85093b9630463620d394a3057039b8004b49a8727f1980c2

                            SHA512

                            d66a257da1568293f04bc1d8bf48e518318fc2cc638e30c764ca1a2010be58cd79507c5b1fbafff0bb7e1df77ae1207cb4f51dadb4f622312f10f524dbf51c48

                            Download Submit