Overview

overview

3

Static

static

1

405c46a7ed...8.html

windows7-x64

3

405c46a7ed...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 14:27 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    405c46a7ed06fc25b0250e49e76c6f4d_JaffaCakes118.html

  • Size

    5KB

  • MD5

    405c46a7ed06fc25b0250e49e76c6f4d

  • SHA1

    a29dde6269edce56f9618392347f713fcace47e4

  • SHA256

    18fdadccc963014d25b3fb49e746c0840da198ba9c742831c10749016eccab9c

  • SHA512

    704b902469fe91c2dda20415e913a55f07692bcf7b3abcba513b9b589ea53282c3551186fc1fd6618d102b66814d26d014ade2e92799f58d7cdef4b19671c64d

  • SSDEEP

    96:T9Ha2Bc0s+voUbDGDJyjXIRKDeWo/nym3rV8l9:pHaacCg6GDJyjXIRKDvo/nymby

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\405c46a7ed06fc25b0250e49e76c6f4d_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4528
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8266946f8,0x7ff826694708,0x7ff826694718
      2⤵
        PID:4932
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:764
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2208
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
          2⤵
            PID:4796
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
            2⤵
              PID:1392
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
              2⤵
                PID:1080
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
                2⤵
                  PID:3104
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
                  2⤵
                    PID:3188
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
                    2⤵
                      PID:1044
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3720
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                      2⤵
                        PID:1760
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
                        2⤵
                          PID:1672
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
                          2⤵
                            PID:4468
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                            2⤵
                              PID:3944
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3361790313258263327,15446516522986139478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3776
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:5036
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3612

                              Network

                              • flag-us
                                DNS
                                efrosforum.net78.net
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                efrosforum.net78.net
                                IN A
                                Response
                                efrosforum.net78.net
                                IN A
                                153.92.0.100
                              • flag-us
                                DNS
                                system4home.pl
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                system4home.pl
                                IN A
                                Response
                              • flag-us
                                DNS
                                72.32.126.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                72.32.126.40.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                95.221.229.192.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                95.221.229.192.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                212.20.149.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                212.20.149.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                18.31.95.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                18.31.95.13.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                75.117.19.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                75.117.19.2.in-addr.arpa
                                IN PTR
                                Response
                                75.117.19.2.in-addr.arpa
                                IN PTR
                                a2-19-117-75deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                70.209.201.84.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                70.209.201.84.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                13.227.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                13.227.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                171.117.168.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                171.117.168.52.in-addr.arpa
                                IN PTR
                                Response
                              • 153.92.0.100:80
                                efrosforum.net78.net
                                msedge.exe
                                260 B
                                 5
                              • 153.92.0.100:80
                                efrosforum.net78.net
                                msedge.exe
                                260 B
                                 5
                              • 8.8.8.8:53
                                efrosforum.net78.net
                                dns
                                msedge.exe
                                66 B
                                 82 B
                                 1
                                1

                                DNS Request

                                efrosforum.net78.net

                                DNS Response

                                153.92.0.100

                              • 8.8.8.8:53
                                system4home.pl
                                dns
                                msedge.exe
                                60 B
                                 117 B
                                 1
                                1

                                DNS Request

                                system4home.pl

                              • 8.8.8.8:53
                                72.32.126.40.in-addr.arpa
                                dns
                                71 B
                                 157 B
                                 1
                                1

                                DNS Request

                                72.32.126.40.in-addr.arpa

                              • 8.8.8.8:53
                                95.221.229.192.in-addr.arpa
                                dns
                                73 B
                                 144 B
                                 1
                                1

                                DNS Request

                                95.221.229.192.in-addr.arpa

                              • 224.0.0.251:5353
                                msedge.exe
                                588 B
                                 9
                              • 8.8.8.8:53
                                212.20.149.52.in-addr.arpa
                                dns
                                72 B
                                 146 B
                                 1
                                1

                                DNS Request

                                212.20.149.52.in-addr.arpa

                              • 8.8.8.8:53
                                18.31.95.13.in-addr.arpa
                                dns
                                70 B
                                 144 B
                                 1
                                1

                                DNS Request

                                18.31.95.13.in-addr.arpa

                              • 8.8.8.8:53
                                75.117.19.2.in-addr.arpa
                                dns
                                70 B
                                 133 B
                                 1
                                1

                                DNS Request

                                75.117.19.2.in-addr.arpa

                              • 8.8.8.8:53
                                70.209.201.84.in-addr.arpa
                                dns
                                72 B
                                 132 B
                                 1
                                1

                                DNS Request

                                70.209.201.84.in-addr.arpa

                              • 8.8.8.8:53
                                13.227.111.52.in-addr.arpa
                                dns
                                72 B
                                 158 B
                                 1
                                1

                                DNS Request

                                13.227.111.52.in-addr.arpa

                              • 8.8.8.8:53
                                171.117.168.52.in-addr.arpa
                                dns
                                73 B
                                 147 B
                                 1
                                1

                                DNS Request

                                171.117.168.52.in-addr.arpa

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                b8880802fc2bb880a7a869faa01315b0

                                SHA1

                                51d1a3fa2c272f094515675d82150bfce08ee8d3

                                SHA256

                                467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

                                SHA512

                                e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                ba6ef346187b40694d493da98d5da979

                                SHA1

                                643c15bec043f8673943885199bb06cd1652ee37

                                SHA256

                                d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

                                SHA512

                                2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                9c525793667e44ac276b1dde12953efd

                                SHA1

                                6409fbcc91a41e2696463850c5cf6f4cb7904c9e

                                SHA256

                                896a2f46d35856ea38cc53dc6b9db12606d0613f25aa25ebac4793e1478a441d

                                SHA512

                                f46f62861c3d6a31a0b18a50a4ed936ae587d6461ef5228132146f4787f456a27140b3e1a3e52cc4b536ca61388c600ec3ef005214a052c87edb46876310b803

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                a9d8eaecdd1979ae74e5e4f1542aa0d0

                                SHA1

                                9add2ad2d2092968add4182d95e4d93bb3f86f8f

                                SHA256

                                a1c8fdf82747261036412fc1f851acb7e46752387369f831b2d8e2425268732f

                                SHA512

                                bbfccc2a1b8e7e2b40c116a27ed0c3b10bd1002e7d5b97a2e4d7e00c9972c57e89da1b767d12bc32b78200dff23f2bb5575eca810b37a6c80a139884188d0271

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                09341aef7136163c886562e02b6ad5e4

                                SHA1

                                160953fa47dc491378f97b2abfb0d848cd015a9b

                                SHA256

                                a64b385e465cee33c12b4eb9d2542d22bda3deaf911e7b881bb60c144ea235e3

                                SHA512

                                30084e2644807e01497e9804028826a197095de9e5323ebab85ab59a66ed28005435301dcf79b27f129fee7cc4ebbf7d132893f4fd58db960973387c3270b104

                                Download Submit

                              We care about your privacy.

                              This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.