Overview

overview

10

Static

static

1

3d1bda3881...8.html

windows7-x64

10

3d1bda3881...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-10-2024 01:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d1bda388151c2c8aebd53812c3db41a_JaffaCakes118.html

  • Size

    162KB

  • MD5

    3d1bda388151c2c8aebd53812c3db41a

  • SHA1

    c1241b7a9546158bbc51c9ccfc587749c9410784

  • SHA256

    9d7da75e4c6848bfe68baa2c56c83746d8ef85d871855a2c69b27a4d6a0470e0

  • SHA512

    f6e4b5a0604c4f59e99202aa806bb93bd142448879b956b1c63e9fddcde3d33c1e292e78ba5caff8d082150d5397fa243854ff088ec50d0909073f8b26996fcc

  • SSDEEP

    3072:T0F+LcR2+xZ5TQ+J+Yj+Bq+JAO+djN+l+2B+iKFs0dhOwodchHGd8HBfqMGQ:U+z+S+J+y+g+JAO+djN+l+2B+gEX

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3d1bda388151c2c8aebd53812c3db41a_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5004
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbdc846f8,0x7ffcbdc84708,0x7ffcbdc84718
      2⤵
        PID:652
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:1416
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:408
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
          2⤵
            PID:1096
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:2856
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
              2⤵
                PID:2212
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                2⤵
                  PID:4760
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:1
                  2⤵
                    PID:5072
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
                    2⤵
                      PID:860
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
                      2⤵
                        PID:4532
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
                        2⤵
                          PID:2248
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
                          2⤵
                            PID:1532
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6648 /prefetch:8
                            2⤵
                              PID:4348
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6648 /prefetch:8
                              2⤵
                                PID:4236
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
                                2⤵
                                  PID:3972
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
                                  2⤵
                                    PID:4372
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,6281645901711000219,9890861418445151913,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3168 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2252
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2340
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:764

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      0a9dc42e4013fc47438e96d24beb8eff

                                      SHA1

                                      806ab26d7eae031a58484188a7eb1adab06457fc

                                      SHA256

                                      58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                                      SHA512

                                      868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      61cef8e38cd95bf003f5fdd1dc37dae1

                                      SHA1

                                      11f2f79ecb349344c143eea9a0fed41891a3467f

                                      SHA256

                                      ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                                      SHA512

                                      6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      72B

                                      MD5

                                      adc96e6c1ca6321fb56a0a2816fd1ed0

                                      SHA1

                                      72f4e43d24b474aaf19a8b9f02a3076f9e039422

                                      SHA256

                                      c9edbc485f3d00b33eac94008d58b03ec12238f17c468a4a7c54405e44bf1c8b

                                      SHA512

                                      e87ee42fd36500a60e2cc28625821a1048196597bc69642af6c2d722200561795f729b5e052a9e6f9423cf98502fe9879f113087b628afd532b37570d5024786

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      88d6f2e5e80324134ebbd5f215ebd34c

                                      SHA1

                                      0f436613203b1805dace5f599173bb51ec12e8f2

                                      SHA256

                                      a9dfcd3732625287f19fa36523250c9e09bc9c4dc6efdc4f5cb671a9aeb7f403

                                      SHA512

                                      c9a4b9e9c7d81f4a6274d45a2a01e59a1dbcfb3dd68892aa8f3dd0f7b7f471a957ef65efd30a3224be49920765ce608f1dba5ab31cfc417581967baaf6dc94ba

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      1596a4e521064c81bd777f96d393d519

                                      SHA1

                                      74844a8c926dcc025e737496be5e7c1537dee436

                                      SHA256

                                      dbc6c86605f98f4fc4c169e8255b0dfe9013bac2a1ba749258ee56c14d19ff56

                                      SHA512

                                      1406ee51d0422304378108207f42205395a4f0645a189b2fa0b0ba860b5919e4651204f5294dcb80f9c5ae37c0689a407eb35c0475b8c4dfe62203b258027bfd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      5ed84fe403895ef10e09cc414ad79b14

                                      SHA1

                                      ffdc62e98b578209063f51351446d08fa4421809

                                      SHA256

                                      7907160d4c0ede619027f3eb919c99753d7a0f4bba21592fcac1117511d15ffa

                                      SHA512

                                      584a7ba5ae63a2d01e834e224867e1b11d186ad2cb49bb93876144ac62d5b303a08b5bc8412b81be5fb90092c002956e8e1ae810ad87d6de7787efd62d25333a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      8KB

                                      MD5

                                      7f9fbb16747cad22e37a17d24b9c8309

                                      SHA1

                                      4378c8415644bd082ed9c13db310bbfedd02baeb

                                      SHA256

                                      8971898439431a84509a9824373c8eec0968822d39398b42264e07d8bf508996

                                      SHA512

                                      d56ebd4d27f753fc9c03540df7c4609798b5f4715080f956443fd38b82a2a11b96b5074e3b3d110a2d1a097aecb9028538315af9b84475a30ac389b05a20cb4f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      fa9f0d1843718638630fade4985c9c9f

                                      SHA1

                                      9c906fca16e5072944965fbc89b9b09b7337411f

                                      SHA256

                                      ab887f1abc877cc0a7df0d12fc03d08c83925843859dc0bfded07fa9e7d98507

                                      SHA512

                                      9ba50656fff2f695da37055423440d82ff69c0654548704832d8cc4774ef994d60c1902e16bed6e23fbe35d424595cf829b2704f68db13abb719f47673f40622

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      39c9d68fdc928dc2ed94e38bca3db138

                                      SHA1

                                      504dffc6dff545db1f95ceb8cc39a4f1c007b035

                                      SHA256

                                      fdf32b242bb44b0218a51f95e4219145f365e6265869a56c99d868db26b1e66b

                                      SHA512

                                      7e33075706adb6f40ffb1053895a1bd32d681eba0991da441fc16a673432967c52059fb2c3d6aafda452bb548cfe1f35ae362235a982ab929360e9433086e14d

                                      Download Submit