Overview

overview

10

Static

static

1

82354b26b5...8.html

windows7-x64

10

82354b26b5...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-10-2024 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82354b26b5b790bafbe16e6a09eeb29d_JaffaCakes118.html

  • Size

    146KB

  • MD5

    82354b26b5b790bafbe16e6a09eeb29d

  • SHA1

    18a5a000c13664905f49e5dbbab933b631bffd06

  • SHA256

    bb7fcbd5bc9825932bac0a485d1b838d45be58797eb28f6421c6c5e25f0df251

  • SHA512

    99cd230166c9715a4c0eee988d323399c204bc3a3b5d36c6ebe9204d4d64138c462cca7e1246ac71e36b872e90d5793f6db1ece096203351cff3fc5b36f84c4f

  • SSDEEP

    1536:upUJEEJXFfGi8r8CjanDD9BVZfkjnJKlf5wrw+ie:up2JXRq8CjanfVZfcj

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\82354b26b5b790bafbe16e6a09eeb29d_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:436
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd70846f8,0x7ffcd7084708,0x7ffcd7084718
      2⤵
        PID:768
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:3620
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2024
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
          2⤵
            PID:2260
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
            2⤵
              PID:3216
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:2304
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
                2⤵
                  PID:4388
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                  2⤵
                    PID:2876
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                    2⤵
                      PID:2824
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
                      2⤵
                        PID:1844
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:8
                        2⤵
                          PID:4848
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4920
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                          2⤵
                            PID:1608
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
                            2⤵
                              PID:2116
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
                              2⤵
                                PID:5192
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
                                2⤵
                                  PID:5200
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17281563005064471277,8116756175023946742,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4420 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5752
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1232
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:5008

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    6960857d16aadfa79d36df8ebbf0e423

                                    SHA1

                                    e1db43bd478274366621a8c6497e270d46c6ed4f

                                    SHA256

                                    f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

                                    SHA512

                                    6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    f426165d1e5f7df1b7a3758c306cd4ae

                                    SHA1

                                    59ef728fbbb5c4197600f61daec48556fec651c1

                                    SHA256

                                    b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

                                    SHA512

                                    8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    72B

                                    MD5

                                    a68578a3846e5b90006229ff81b56fae

                                    SHA1

                                    191d177470a566b79bf4ff5e32fb5db10c57e86c

                                    SHA256

                                    a89fbf1b9daffe0aa9151553972a4f186b01c6d8d5a551c33ee53d15c8b05347

                                    SHA512

                                    d51fd3233b03d26530e5f9d757c291dc42cd9f45976aae129a63b865fa890be41904fe483cb7e2a4b5f0e907d6bd975fe1ee59f7e94150b5c21d9a6fd2207e67

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    d9cd22d204dd66b4d358a9b96a2de845

                                    SHA1

                                    16d450677cc82db311b3edaec9995d5ae2305667

                                    SHA256

                                    3e76375b33031fb5435c7d9737bb037262df033379f827089ee38efda9aeb31f

                                    SHA512

                                    c7584b73d32fb9cb8c7108f7177f42d7ceb6167a02581184fad7578a08ed25f4f56d0d1c0423c7b316cbfda800297bb03f5a628c2b68b5ce4069c1eb2d8cef35

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    2KB

                                    MD5

                                    f9f9a20258f66645fb712419fe372cd6

                                    SHA1

                                    9f3c7a0efb67ff86e58f760333d60b7bab2a8d73

                                    SHA256

                                    823003fa80d2ac59c15928cdb49333803be6d748c044ae90f6ca168937562374

                                    SHA512

                                    8511d5cd9a8986c358737dbb35f81dd253c7fc0e0c57274af538d764b3429c5deed3f880a5043740f45b1588af6cae9f5751a48fe8ae0ed84bc79b5ed282ed3d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    3d19ae5d2a58b293941c6793f50663dc

                                    SHA1

                                    868f4b8c54e7ffcdc01fc5444dcc99ef51e7d02a

                                    SHA256

                                    76435c3b500c8e231922d9421882aff888a3f24c5444205a0a1a5360a1648185

                                    SHA512

                                    c6bffd7dbc0040ceea6db31f9f7a0f11341f05af091459d1a66e0726b882ae1e707e7869145708cb063a7ac1bacb331e6282a156127ca506270d42e6e92cdb71

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    7KB

                                    MD5

                                    37ce88f093e82db003251405aa9b0ecb

                                    SHA1

                                    039461666ebd4afd1eadd51e6971ec088638ae12

                                    SHA256

                                    7f3828307175245648bb5380b9a02105ed2296f3f722b94756dc677679ce2735

                                    SHA512

                                    7edd893b2c2862541b6fdeb895d13cd2a5532d6dae2ea08b3f867a82e0d2fccae854a77a7cb3ecfbc2085ad42c6be4de6212fb25fcf9b09c05a02f176d104b7b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    8591fec0854e43c9846d87c4c3b04037

                                    SHA1

                                    87e7f50770a414db11f1d83a1197008ce6df5bc3

                                    SHA256

                                    7e7c1aa799c0360d185d96f1b27fc75448fcbfbdff855e3c7cc887c5d5d496a2

                                    SHA512

                                    95d2f938433d33078bbc5f668459b9d12d27905ddc14f5522f9dd9d486258e3646e517cb2eb5f774f2d0f4aa5052d72cfe2f6cc13be14d970278cc0b1b4b0f1b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    1KB

                                    MD5

                                    698a8b520653205aadce193c5216528d

                                    SHA1

                                    3be403b6c6b82130179db0ae967d0e75d224a531

                                    SHA256

                                    91b6d991ed89ff761f6640570be5e218913552b15a66ced722f1bc19c1a270e8

                                    SHA512

                                    6c57370e5a4b0a386ef1cc4f05db0068e79500280d987a70e8356dab61769941ae860b001dee409bc425015d3defeefb847815abd384eba0dda86dab388a4165

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58076d.TMP
                                    Filesize

                                    864B

                                    MD5

                                    e381a8f991642dd078dba8c93ed07266

                                    SHA1

                                    944a281dfc5aef981396f2121eee2d21c4f12b3f

                                    SHA256

                                    f580a815ff9442639bb9f428de69b59c7b39193fcf5ac4e337a5817c97e7c10b

                                    SHA512

                                    52f0b542bc7dcbb2d1c97d600a9cd4306d766ad79ae060bc8a0fa30c4b51acd5141dbbbb82e29328246f7290ebf1504b91dcf609fe2cb566208d708604c829b9

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    fe684ba2dc204d7d0c2bc210a8f5edb3

                                    SHA1

                                    675b8664310644fb1d0a26cf584c4c1d2d0a7fdf

                                    SHA256

                                    e522382fb46badbc797c1441202dc87ab4aec68485b9fc6bbbff2bd19d442ed4

                                    SHA512

                                    c859f262c06451bf7eedb99b0ceaa8912c4b1bef4ce175b50b5651bf70e7015b9c2bee481194ea98665f39d0ee8a006561d1eb72bc0ce1f5aae168d124945801

                                    Download Submit

                                  • \??\pipe\LOCAL\crashpad_436_ARMSAWWBGCMBKIPJ
                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    Download Submit