Overview

overview

3

Static

static

1

3b4e059bd1...8.html

windows7-x64

3

3b4e059bd1...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2024, 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b4e059bd1032f4c7e424893e39a0ce8_JaffaCakes118.html

  • Size

    214KB

  • MD5

    3b4e059bd1032f4c7e424893e39a0ce8

  • SHA1

    14a7cd66475295dea6189e85af0932afd35f6acc

  • SHA256

    4eea9be1fc385c2ffbc48c7ed9333f6388e535651fe0cf3e466c8abe5618ec1d

  • SHA512

    cd0877e919181baed85cfed47cc1f774b8cbc6619777d9fd8e744ad024239fd35efdcd66d3e25d32ecaf52e8ad7d2d936b38bae8da73af31b273d30069ce4c52

  • SSDEEP

    3072:ErhB9CyHxX7Be7iAvtLPbAwuBNKifXTJc:8z9VxLY7iAVLTBQJlc

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b4e059bd1032f4c7e424893e39a0ce8_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4548
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbbcb46f8,0x7fffbbcb4708,0x7fffbbcb4718
      2⤵
        PID:2152
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5769373938576212212,9187376531773710886,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:640
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5769373938576212212,9187376531773710886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4460
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5769373938576212212,9187376531773710886,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
          2⤵
            PID:1636
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769373938576212212,9187376531773710886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:5072
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769373938576212212,9187376531773710886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:5076
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5769373938576212212,9187376531773710886,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:3900
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:5036
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:988

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  6960857d16aadfa79d36df8ebbf0e423

                  SHA1

                  e1db43bd478274366621a8c6497e270d46c6ed4f

                  SHA256

                  f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

                  SHA512

                  6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  f426165d1e5f7df1b7a3758c306cd4ae

                  SHA1

                  59ef728fbbb5c4197600f61daec48556fec651c1

                  SHA256

                  b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

                  SHA512

                  8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  60cf57099586f2f957353afa1c0dfa9d

                  SHA1

                  58001147338c1b4807f7b0524d71bc28c9032510

                  SHA256

                  c6444014fd888546dfdc67ce4ebc04120fbc3951e4c72ce73db3150675329e2d

                  SHA512

                  680dfcf283e1345711aaeeebc4beae6f0a01a574dc2043f965c597148ff7c52b26d9d65541e3243e0896aef0bbdbdab954bc8011f71c1e0160b2162646e10741

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  03194023ba524916461e74ce1a4d6777

                  SHA1

                  09e1735fa63f04f0992c4b68acb0501cc8e368a2

                  SHA256

                  651f8b624af8c65783ff0a7246037aa4221788c137e9dabb0ea804e51967ce57

                  SHA512

                  feee6d9bcd3fc7c6bfb50633ac3864040e083d62ce650b61dc724180f4ec6265a6c5825125c731220d42d16ccec0bcf3b462bd7348d163ddc1cbfbb213f0e411

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  10KB

                  MD5

                  38593cd8197ac95088beef15d4383552

                  SHA1

                  ab531f3720625be256ae80a844d3b7555d3946ca

                  SHA256

                  4ce762d376345af52c720f7dec2e47be7f465d17f2f0b1d6fced38a0a4f66712

                  SHA512

                  0ce1231d32af73371843a218a1ae563e48f8ad8d956bc33510bac32c14d94d082f90737bd8525cfb956083acc95718e2d1f92238d0b3ea21669d8d9c1e328251

                  Download Submit