Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
23/05/2024, 12:57
General
-
Target
6b037595df144f01a116eec278b1ceb0_JaffaCakes118.html
-
Size
233KB
-
MD5
6b037595df144f01a116eec278b1ceb0
-
SHA1
fbf9a8d03716f5fc2e7aacf5cb28c146b1a8d8b1
-
SHA256
55bfb2bcf4bf5baae0cdac27b98796c4f5d1dd915d8c78e65a66b8f343659d8a
-
SHA512
d550a4fc55e57caac0633900ad1327d43e50c70a9dcf5739bcb21789d23fb3694ce7fa33c4dc92814e65f90aa977490010829e1f7b1c549b2793e166aa079b3b
-
SSDEEP
3072:UTSD/GaJHzi3mCPZkweh8FPIKCG6HyUtCu3qAcZfySLl/H/KhMXXg3QXeH+2Wpzn:1D/G8e31BkmPpv6HyUtCu8TXZp
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6b037595df144f01a116eec278b1ceb0_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff9afb046f8,0x7ff9afb04708,0x7ff9afb047182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9945809994312438400,10658520790882417005,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA2565009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
-
Filesize
152B
MD5f53207a5ca2ef5c7e976cbb3cb26d870
SHA149a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA25619ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
-
Filesize
40KB
MD55ce7bdeeea547dc5e395554f1de0b179
SHA13dba53fa4da7c828a468d17abc09b265b664078a
SHA256675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9
SHA5120bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e
-
Filesize
240B
MD5896b5bf0a72469661782c51a6fb92db7
SHA1839d3645586e0d4a6d1967da0edd79b0d603df75
SHA2560ef6d122fcdc48c8c34703d9a6f10ed9f821a904dc5a8a32f60a43dfd3abe3e3
SHA51270240017c8008271f9469fe653594541e4dc4bd96750236d155a6c96b1150f106ce5d8090c5f79a868ab67add1811bace9f011b6bdbaab2b124e15acaecafc84
-
Filesize
216B
MD56c15b0f1472e8a3e97c3b98d8ad09ec2
SHA1407a23ffc058f3b86ed79101eac16ec25aba98ca
SHA256972281f2881435654458c3af9a960084a6425eff7d20278ec4b94278be958917
SHA5128cf9817f6482a485f0bce99a28c1a2e62e09b3f9be681036bbaea16af67a0758690f7b59210fe52306a7ad50d4539d49e787ceb941fce7232578d9aa4cadc872
-
Filesize
3KB
MD50170fcdb1cfcb8512e9e5d82412bcadc
SHA1c064a47d5f29f154dfffeb6486b277cfe9d2c836
SHA256952264b6d0e26bea5acfc5ad7ef73a8193e9d7421ba2b2cbd38cf9d873b65cf1
SHA512485730ee184c5ec0e6f16889eb56323908d0bafb00869fad2b8057ebba7e4f76a2413f15751a36a8d4b36bc4cb198ecdc09415294de4d531970abb3dd30c0505
-
Filesize
3KB
MD58baa07506f382864abd8efeb960df25c
SHA1b2bd7845a79fb0496c9af863eabf981f0114a12a
SHA256ea68a6f4d96d911f653b1e91386c6c50d5ddfdb50c5b5dcbef302e631c2d21a7
SHA51200f0567835577b43b0a94e0100f40c5cfb1448c2e74f51cdb3f74da50379be037b05dcca84705e26a22957a94790bc7d1c66de041a36b9cc25a2d4ddfd072726
-
Filesize
7KB
MD58a618203f6ff3cbd19986aa6a9921906
SHA12a8f1ea52e5b48fadd65754f9948c627394089bd
SHA256a06c7281237043498271ce3938670ee8efc16ca38ad14abae8451eaf3b7aa011
SHA51271c16197097a0c84c976d161a1cca6333979d3db139ffcd84eb2950aa4dfcc0c9e34850c56c8ed3705d23506c033a8dfc7c5596598b9c0d70d169bd0ab705d2c
-
Filesize
5KB
MD5887b043802558edffaefb5c815185be4
SHA106f1c6034f97400f6bd69872c0ec32b5471961b4
SHA256e5b9786b66abf2d961b3bdeb0f86a73bb87e855f4fca4829c214e2011568e698
SHA512cb4e916526b62c1c1ae798ff1a1750d46ef6a597387a42c93f7bc3c40b3f347eaeeed3070016207efda7abe197920de8a95957b4bab8780ae408453a233df07b
-
Filesize
8KB
MD5f5d23873802a03a537c92acab3b77989
SHA14e203a0e76254bdb13c76111acce4f88c82c9bdc
SHA256d0c969d88c43f581629cf4aed941884d3887f77514681cbb2fa79897e9f2453a
SHA5126744e567489fddadd5396015d69526a30a6126fe3db8a18398982bc793200ca808db55d347c0deca2f39a3d894b3fe895ff4671b3a30d89022f5edfc1105e4ef
-
Filesize
8KB
MD5dd9a24f3b896feb2915a6122434691a9
SHA1b0dd7a4ac687460a95b58c09e2e6487154e78f9b
SHA25695ef9a8363b972b83038968ab9d7f2e66a0e67df8fa3decda09cb6d9ab62f08e
SHA512a2d1df45c5010f5fd376f851dc904ae76a403b83f8c64b5c4415dceef7d5e8b80b9b21bd78149ed7408400a510bb42fbd54736dce45a9b35751caa4d5077c258
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5a6c700a030cf5ad43dc4c84d2d171922
SHA1750dfa3afd7d7e4f5e53a06e516233dc58fa7f30
SHA256b1c4fbdffc3f5722a7d68a7b2cdd98ad98ca3ae740c4539475b1e727f14f8a60
SHA512627b37f5417a349ae49da40e39e8dab5caf763ff10959ef93e7c9764ebf137c8fb93cc3f2812cefffb6349e56472f0074148bfff3e74c105cb72764a20f41b28