Overview

overview

10

Static

static

1

474ebb3eb8...8.html

windows7-x64

10

474ebb3eb8...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-10-2024 10:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    474ebb3eb8e8760c5efd5521ba922889_JaffaCakes118.html

  • Size

    126KB

  • MD5

    474ebb3eb8e8760c5efd5521ba922889

  • SHA1

    a3b0c0e58b1458d1d18d3cb8cbb66b2e70850e5f

  • SHA256

    594d77bed843282014b5359f2cf77d31afb9281e5bf338127a2f7ef85e3d3751

  • SHA512

    d3b6e482e86870c6bb7d95d14ee105fe715c2bc8a05810e315d60e8cb72d2e5c5abfb29810ede3f0bc96228fd92d2df4dc9b74704ad9261d7c01392c6e58db60

  • SSDEEP

    3072:pUUCWDxYxQ2PDxYxC2T/Z1syoEZNgyj3ySefhENE/jzCqezqg3RO:pUU1DxYxQ2PDxYxC2T/ZSyTYl

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\474ebb3eb8e8760c5efd5521ba922889_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcad9f46f8,0x7ffcad9f4708,0x7ffcad9f4718
      2⤵
        PID:4244
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
        2⤵
          PID:64
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3716
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
          2⤵
            PID:3804
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
            2⤵
              PID:5068
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              2⤵
                PID:5076
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
                2⤵
                  PID:3292
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
                  2⤵
                    PID:2388
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                    2⤵
                      PID:2972
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
                      2⤵
                        PID:2716
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
                        2⤵
                          PID:2228
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3120
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
                          2⤵
                            PID:4120
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
                            2⤵
                              PID:2168
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
                              2⤵
                                PID:624
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
                                2⤵
                                  PID:2368
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,6327794302431217273,5243486927988976586,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4956
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3864
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4116

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    bffcefacce25cd03f3d5c9446ddb903d

                                    SHA1

                                    8923f84aa86db316d2f5c122fe3874bbe26f3bab

                                    SHA256

                                    23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

                                    SHA512

                                    761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    d22073dea53e79d9b824f27ac5e9813e

                                    SHA1

                                    6d8a7281241248431a1571e6ddc55798b01fa961

                                    SHA256

                                    86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

                                    SHA512

                                    97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    96B

                                    MD5

                                    72469d7af5e1ee6d5502d2ff468118c6

                                    SHA1

                                    5dd492c3c7c18c4730810850f84fbd8b60545982

                                    SHA256

                                    af4660d762ef2e0cb008937df72eef05478b0cc1ff673dc34e55fa78d135e24b

                                    SHA512

                                    4a28a2df3d61bb86645f1c8f8523e11d6f76e590a790c24555edc4ed1cec02d07408c541ef16974c585e4470def0f54c09a90f68e4a53810a751dfce64a6ecfc

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    e14b0072733683f77292a711662b086c

                                    SHA1

                                    39052800e155a64f0c1a34499a75291af740492c

                                    SHA256

                                    6b4066839cc4df161990fddd8a2dfb0d38f05b3de0bd0260c0134a38461ead80

                                    SHA512

                                    729619d8013cf68ffa9b0af09250cf194ace68d8bdfa7bf3997fec6f8fc32b2f52e2bc3585308ace73554b29e4ed261f9f638d3d5e3211a00f3611ac8d92036e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    75e6e36d581b66d5099dc3758929f792

                                    SHA1

                                    9e961c33f7a52d7fcb8d1c456fc17f24addbfe1b

                                    SHA256

                                    8412e7450443061d25e4d7d3ee8053b7dd56d11278a3b293fb10e73f86d0c7dc

                                    SHA512

                                    f331cee2770a60e8fe32fe1fd49f45057231c27abd1d996558b3bd8247707cde23ba22b7664e076a54a979ce738400646849ed2881186abdbaed28ec5d6bdef4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    8cfaa6a36c847ab85cd174150b3fca68

                                    SHA1

                                    7132f83f68be8da00b776851785c7dd710611bd4

                                    SHA256

                                    9d38afbbe033be2e39475483d662009481fd593386a3a027f1e9e6a75e4b3be7

                                    SHA512

                                    9b8b012e00b041415eb597266537ff6fff36cec81a30378174b58cefdc8c4da0e98c3830206b298776e5d54fe3205634572bdd5a95a8ad6f8739e8bf64248aef

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    7KB

                                    MD5

                                    51c4cc2024568c1813c917aa1c0b81e0

                                    SHA1

                                    57bf7d44e1d42e79be15c6b46b1ca7dd6d96fbcd

                                    SHA256

                                    da8adb98985be1ffc4a902e42e532380cb205e22b716286350c2544a38999054

                                    SHA512

                                    5d17aad09332d8b77cf9ed4e64f5c193465fb6a9abf1fb6fa718dfc11f5c53bb3a254d3ed9516e8d74c973a7e33f974bf8469ddc90e841d97e25bbe0c9cab2b3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    199B

                                    MD5

                                    088b24ab1e4b56aec1309b925dd0eb27

                                    SHA1

                                    ea92650eed6013205588c77580091780a321016e

                                    SHA256

                                    bc4dfabb7e242a4f0519bf0557ffaa7eaee4941923f6bf5555ec8658b8c9a179

                                    SHA512

                                    70458257264028fc5a52d640e67332ded534843d7aa801a0d1f4edd428f5854d674453c2a53d732bd6afd87711ba88e8dbab70df0f37b12a8137e12520bf9277

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589efa.TMP
                                    Filesize

                                    203B

                                    MD5

                                    12dd7a93e25e991eec2ce10a983495f0

                                    SHA1

                                    b8fa5462156299f3948bae8a7e15eabe562df8ae

                                    SHA256

                                    cd0b77273545f3dcbc86d53cb23ffd078e85b87cf2a4864b4efb26209c24a572

                                    SHA512

                                    e44a783657735ba46e467ca611bdba9abb2c8adc7bf397d08eeab82867c0812b2521de4b02f5df21bceaa887bc857cfe47e47b24bb9b0ac97e9bb4a88ead8189

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    2965935852bef218978aa7e208bc0a9e

                                    SHA1

                                    b69c4a5cfc77163106a09f41715c005d02297b89

                                    SHA256

                                    f7bfa2eab1bd5c5c3d83ada713e9d70c81aeb5f84e9016aa5ba7d4b6579d3b76

                                    SHA512

                                    205829b640e5fe6b69f0816a22f4372542960198c74339d400e270b7049496d3e1595e0ea3707a47a0409a40af7bd91997e80fd955a026b9b29874a96db4195a

                                    Download Submit