Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-05-2024 15:41

General

  • Target

    3adb3ba2feb388ddb90ce1b4e60f03cf_JaffaCakes118.html

  • Size

    136KB

  • MD5

    3adb3ba2feb388ddb90ce1b4e60f03cf

  • SHA1

    04bf37aaa21670b4e47aec3a78107937b18cac9b

  • SHA256

    1424af501a0d4acc703e1e6783416a28af8ed29593dec670e2c1f8d5bfd38c4c

  • SHA512

    935a9c885c3a09e6ee27d7db0de70e5af50c1e874b571d62d0995547b06691e57a20703ea4565a4d544d4cdcbfeba7d52c4804826f94ad8d993fa14b77866a19

  • SSDEEP

    3072:DLe+h+3qN5E8n3YmsbLXyebtvsu9vHf8qAei+USY1k:qaTYmsbzRN

Score
1/10

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3adb3ba2feb388ddb90ce1b4e60f03cf_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4820
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb428446f8,0x7ffb42844708,0x7ffb42844718
      2⤵
      PID:4576
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
      2⤵
      PID:3864
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4828
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:8
      2⤵
      PID:2744
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      2⤵
      PID:4052
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      2⤵
      PID:1056
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5696 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1384
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3180
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1616


Downloads
