Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11/05/2024, 02:49
General
-
Target
3256730e3e4f4631e1a2297c031cc837_JaffaCakes118.html
-
Size
29KB
-
MD5
3256730e3e4f4631e1a2297c031cc837
-
SHA1
1ffdf929b10de360f50e980845cc996384bc5921
-
SHA256
fb0e5d9665836dc77cb329eb815e157411253d9d91e1e95280cf17c364f6bb20
-
SHA512
13ee7c2b93357f0ebf13a8c8b68a0aaecc0cdcdf5762a0a037354728535ba6e683c13186fa5c226240c16726e3d557f1beed51aa779ff427a1d6c2890dc871a9
-
SSDEEP
768:lapTBacTPyTV/BWi2N+NtjROtqI02Sjb6iXprytY:lapTBacTPyTV/BWiJjROtqI02Sjb6iXj
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3256730e3e4f4631e1a2297c031cc837_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6b1346f8,0x7ffe6b134708,0x7ffe6b1347182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6016 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6024 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13481923720240420227,10940889579071075469,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6124 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
Filesize
8KB
MD5cbcfc6bfc5c30ea1b006fb56af12859e
SHA12efe97db84a3b71b8079d17a951ac3f8bfe57583
SHA2560324ae289ed0f686299989d037fd5c40950e0f30e40fa59b9f205d13d58ade22
SHA512bd43a3843615452faa4f76f3e9157f6b98452a35318f32fad78ec17af439fac68f1c2d687046fa790e00c531e218db6b6661fe1d92e58800acab9c52d235fa57
-
Filesize
1KB
MD5402bab2329df09c05766491298c53328
SHA1167b5a901410ec1635e2344b5c162d067496e74f
SHA256c2b954d6e7591a0755640a69191e445c5174a6b7699b245b8a0ea67f67304338
SHA5120fd0ecd3af0b2331c554d0075b22e7fa9a65738d86253cecd8836da1af72cdb4d3fd5f5f9ceca960ddae159429fec547fef5e25e0d82547ae6ecb8e45d1bd0ab
-
Filesize
1KB
MD5a108f6fa98e03cb1d5db2f2ef248987e
SHA1a8605f4a2afa892ad76862de4a29ad9ea543e212
SHA2568cd08d260c6c2d0a91a83e18640607d54f9dc75bef18aae865a299d12578f449
SHA512a74f379c5ab15c6809164492ebfafaa807fe738953f44328c657ac7bb16b42d5d4c56ba4c9e5a6c324f0468945be5160a5b41bc6354d95748b2f45c7e7331660
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
6KB
MD5314309151229399ef17a91a078d4d321
SHA11f5ab76c79a75cd483bde6630c7c3b6ba6b7a0cd
SHA2563c853da3b7e9e75473984cadf69f6fd169983a20525207c8f8c827f9e1de5dfa
SHA5122ac46abf4aa12659e1e4839a7f823fbb1e9760a8aed6d2eaaa4265f97b28894733c01c1c9794d7632356107ff70d8ff433ef859e2b7065804974149fc7a08e59
-
Filesize
6KB
MD525cd4207e9428a0c683813bc104ee156
SHA180b7474185355b4832277a1e32e3c85ab0803995
SHA256e49825ed4d4b866949409350d54702008fc7896578e5f4c32d775f30d1d0c212
SHA5127e968515b65429279a7037fadfc4b7bc03fdc7875597b2f9e37f6c0cd4e984fe88eee4f745a6541666ea1a897cd49cd8c52787087ca3f6ebb181c7cc31be8e54
-
Filesize
7KB
MD52ea94b5c14dfa19df630c87e6f5988e2
SHA1c7303d1fd4b010e4785c0555954461ccf089f270
SHA2568d7e751d0995228eac2f94a77d291ee42a1a5b9ad5a3b59bc55f01787b63a71d
SHA5127c2945c9d722b7e154ea700a661d5d85500a73b12649cea5a582bdd87d0b3d0b7ed57f569c3e842282b85f9602ea094134a7c4757863223c1789a1782bae7ed5
-
Filesize
8KB
MD513042758b2d93b46ff88b0aec812cfb7
SHA182d24fdcd38c7924c4c4063bc9bd71845e83ecde
SHA2563d25a95c80020eceec802d286f633f79d4d5602093eafda662557c906019636e
SHA5122acf9b55b5fdac8909c61b64e6c77f427d44782b85ccd5efac51b04c437c0a5e558e7a3ba311c0b229f1136916517bb4f34887b46ac502d61f0633ce702f9c57
-
Filesize
8KB
MD53aa264111173dbbae98a2c1cefae1c82
SHA16555114dcd700ce4ae5c97cf3080a5308cb3ba4e
SHA25647171784f7b1e642024c47150c66ef85b9ff4f6d474d16a843276ceb3b91478f
SHA5129bb27222a569b4b1b35eee6eef90da6fe9008295187630514fddbdc973c78576a573f16eb26fc0076cc9bbcd6e65a56bbb5504ff2f3b0b518cbb9d171347e326
-
Filesize
240B
MD5b23b0aaec3d4965bc8588327dce138b1
SHA18b7aed2f821d7002cf97d241f4a172335a2c24ac
SHA256556ac0c5026c9ac3c4573f8b39e80c1ab7e17d298db7ec274f9d9657f0517b27
SHA512b3196f43cc592b8845f16ae06818945d2c94490b26a649da2485423c9a1f4cfd957354a8b7242020882e6d11d57c1987805143de418813918f470d3e4516f434
-
Filesize
48B
MD5e53942e750e32e97b4ebbf228bf6429b
SHA18f0cc8023dd2e0d10651beb5ad4a314f4a518eb2
SHA256c99db91363d92df02fe139ac91f6ebc1e5bbb76b00343dc4f5acda7c36fa1f07
SHA512538f9276eda0c825dd7b107531e2de7c2f257282105dce972c50433fcc2b86c166ff7c2f46e329725411d81b0cfe116a74a869772227c11c279a739f11823754
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5afa111d1561677bfa72d8215bf84da9e
SHA1c19644eca866bec7cd8b20a3757b60988a766ee6
SHA256999ebc75024c0f37150e484dded2198f41f8a1b2be37857621401454e1958ca4
SHA512a119be721fcd804051adf5224ed5f2102f51d3456ad471bec27db9d0045f26197f40c56cc75ea2db32d8758899414673c6c3b72003d4964bdf4e94090805d6a9