Overview

overview

10

Static

static

1

dfdfccc2ba...8.html

windows7-x64

10

dfdfccc2ba...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2024, 04:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dfdfccc2ba614c4d7d6e44e2ac1a64a0_JaffaCakes118.html

  • Size

    158KB

  • MD5

    dfdfccc2ba614c4d7d6e44e2ac1a64a0

  • SHA1

    ed5151c10e5fdd102fa103044cf990c585731b58

  • SHA256

    30e65a483cdef29add4b56d875dd82d9a78338d072f5628ec7ed0af19f0b9582

  • SHA512

    da98dadf3940f495ef08f7f18df834c10435c7a32cd5e5d30483a679d7e026b53c63a70265c431f1bcdccce82a5e803358333aa25c8442ec48d194b9a43eabaf

  • SSDEEP

    1536:ieRTgSwfrsAoIjqyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:iUghjqyfkMY+BES09JXAnyrZalI+YQ

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dfdfccc2ba614c4d7d6e44e2ac1a64a0_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb566e46f8,0x7ffb566e4708,0x7ffb566e4718
      2⤵
        PID:3412
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
        2⤵
          PID:3792
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1796
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 /prefetch:8
          2⤵
            PID:2692
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
            2⤵
              PID:1544
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
              2⤵
                PID:2520
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:3664
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
                2⤵
                  PID:2284
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3972
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                  2⤵
                    PID:2264
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
                    2⤵
                      PID:1908
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
                      2⤵
                        PID:2220
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8470098695535676526,14715920417101371347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
                        2⤵
                          PID:1608
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4340
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4692

                          Network

                          • flag-us
                            DNS
                            www.lqlew4.top
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.lqlew4.top
                            IN A
                            Response
                          • flag-us
                            DNS
                            news.share.baidu.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            news.share.baidu.com
                            IN A
                            Response
                            news.share.baidu.com
                            IN CNAME
                            news.share.n.shifen.com
                            news.share.n.shifen.com
                            IN A
                            182.61.201.94
                            news.share.n.shifen.com
                            IN A
                            182.61.201.93
                            news.share.n.shifen.com
                            IN A
                            182.61.244.229
                            news.share.n.shifen.com
                            IN A
                            180.101.212.103
                            news.share.n.shifen.com
                            IN A
                            39.156.68.163
                            news.share.n.shifen.com
                            IN A
                            112.34.113.148
                          • flag-us
                            DNS
                            58.55.71.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            58.55.71.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            88.210.23.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            88.210.23.2.in-addr.arpa
                            IN PTR
                            Response
                            88.210.23.2.in-addr.arpa
                            IN PTR
                            a2-23-210-88deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            74.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            74.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            209.205.72.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            209.205.72.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            53.210.109.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            53.210.109.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            241.42.69.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            241.42.69.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            172.210.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.210.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • 182.61.201.94:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 182.61.201.94:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 182.61.201.93:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 182.61.201.93:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 182.61.244.229:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 182.61.244.229:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 180.101.212.103:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 180.101.212.103:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 39.156.68.163:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 39.156.68.163:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 112.34.113.148:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 112.34.113.148:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                             5
                          • 8.8.8.8:53
                            www.lqlew4.top
                            dns
                            msedge.exe
                            60 B
                             130 B
                             1
                            1

                            DNS Request

                            www.lqlew4.top

                          • 8.8.8.8:53
                            news.share.baidu.com
                            dns
                            msedge.exe
                            66 B
                             196 B
                             1
                            1

                            DNS Request

                            news.share.baidu.com

                            DNS Response

                            182.61.201.94
                            182.61.201.93
                            182.61.244.229
                            180.101.212.103
                            39.156.68.163
                            112.34.113.148

                          • 8.8.8.8:53
                            58.55.71.13.in-addr.arpa
                            dns
                            70 B
                             144 B
                             1
                            1

                            DNS Request

                            58.55.71.13.in-addr.arpa

                          • 8.8.8.8:53
                            88.210.23.2.in-addr.arpa
                            dns
                            70 B
                             133 B
                             1
                            1

                            DNS Request

                            88.210.23.2.in-addr.arpa

                          • 8.8.8.8:53
                            74.32.126.40.in-addr.arpa
                            dns
                            71 B
                             157 B
                             1
                            1

                            DNS Request

                            74.32.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                             144 B
                             1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 224.0.0.251:5353
                            msedge.exe
                            586 B
                             9
                          • 8.8.8.8:53
                            209.205.72.20.in-addr.arpa
                            dns
                            72 B
                             158 B
                             1
                            1

                            DNS Request

                            209.205.72.20.in-addr.arpa

                          • 8.8.8.8:53
                            53.210.109.20.in-addr.arpa
                            dns
                            72 B
                             158 B
                             1
                            1

                            DNS Request

                            53.210.109.20.in-addr.arpa

                          • 8.8.8.8:53
                            241.42.69.40.in-addr.arpa
                            dns
                            71 B
                             145 B
                             1
                            1

                            DNS Request

                            241.42.69.40.in-addr.arpa

                          • 8.8.8.8:53
                            172.210.232.199.in-addr.arpa
                            dns
                            74 B
                             128 B
                             1
                            1

                            DNS Request

                            172.210.232.199.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            85ba073d7015b6ce7da19235a275f6da

                            SHA1

                            a23c8c2125e45a0788bac14423ae1f3eab92cf00

                            SHA256

                            5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                            SHA512

                            eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            7de1bbdc1f9cf1a58ae1de4951ce8cb9

                            SHA1

                            010da169e15457c25bd80ef02d76a940c1210301

                            SHA256

                            6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                            SHA512

                            e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            738d19c826ba39cbac219e4456ec5623

                            SHA1

                            25f3fc0e21463a69599bcf56483a6f9325403c01

                            SHA256

                            85db4f9cfa4fbb289257406d65fbf90b59dcde1c1e2e6d80e64c97456d3ef9da

                            SHA512

                            276088a575f420c535ff9604528b93652bae2027302de74b40ca71cf8e92a3d71d7efe6b75a143be440cf42eb285590b170f4f6a04bdcc6f57f2575a1f85f69d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            523262421606ab10db7e99b7c0b8d705

                            SHA1

                            dd8d7c4229f86638300dffe57a2f29b6126ea1b5

                            SHA256

                            008f2fb8eb0d5fe2ab6003cf3b6d82cfc273f5203a2878bfa3654d10d53465b5

                            SHA512

                            a4b85198cd06f2fe630833a71e54354cbe548e4c94cdfcf1cec99591b4d3e8077d0120dfe2eef0c54eda7dfa2c0cb1ea5bffeb5cfad0b1de4ab8124ddb3eb1ef

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            c2b0c9644abf972be668730f649619fd

                            SHA1

                            6c5051bb139897f325bb33865024331d84b79b17

                            SHA256

                            ce391b0d5ee9fed223bc37b778a9b1b17bcf908a5ae801a651962b4f90842ce0

                            SHA512

                            7453d39b8baa09f1f24f686ec3f99245744f29e7067b462ac51197b958eea3dbbb3f16ff3b01ee8c111edfd2ee9997fe4ce55ef44cc7d9550c0c7a3ba823a9ab

                            Download Submit

                          We care about your privacy.

                          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.