Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/05/2024, 12:11

General

  • Target

    791bf94c163bef8538c23b91dee41c87_JaffaCakes118.html

  • Size

    44KB

  • MD5

    791bf94c163bef8538c23b91dee41c87

  • SHA1

    2f2e9d3cea51955e9428d94a839bc1a7eb7b1e70

  • SHA256

    3216e8b51b47e047f2f33d770cc205b82a5e17892d9dc28f9136929d1c0bd63c

  • SHA512

    41f1ebbb57301e1d681c510d55d2c533f68b56144dc76d6a75bbbaee3ef06ec156993aeea7eb58c1b732eb1d829839138eb8e38e7e8e689c4ba741d56cb9d962

  • SSDEEP

    768:5iT0EipB70pY4Em0fuEbu8OlTzV2YFrIm0lk29X7+6X:MTupB70pY4KBOlTZ2nf/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\791bf94c163bef8538c23b91dee41c87_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3940
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718
      2⤵
        PID:388
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
        2⤵
          PID:4312
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1528
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 /prefetch:8
          2⤵
            PID:4220
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
            2⤵
              PID:1236
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
              2⤵
                PID:3904
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
                2⤵
                  PID:1448
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
                  2⤵
                    PID:4076
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
                    2⤵
                      PID:2736
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
                      2⤵
                        PID:2240
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2152
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
                        2⤵
                          PID:3956
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
                          2⤵
                            PID:3424
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
                            2⤵
                              PID:1852
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                              2⤵
                                PID:4576
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5648 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1272
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1044
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2472

                                Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                        Filesize

                                        330B

                                        MD5

                                        8b13133a62b8049ea1b14e7d7af4d81c

                                        SHA1

                                        3ec6927ff432a31614c6a985474d1a3a5289011b

                                        SHA256

                                        059c4e6fcc97a32b2068f98122889da49c8ba872412492b8e61c2274f01c24da

                                        SHA512

                                        6f10fedd179b5fec1d7a8091cf7530fc5c7313e6df12f8456a49b3f000207d9d6b0c8af1971db7aa91e9da08b0dc1b912f4c009e4c5b3a14683594ba8f63a363

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                        Filesize

                                        330B

                                        MD5

                                        5f771120741745338ef8656c3e4543f1

                                        SHA1

                                        43ead237f4532a412a6d0c2b263b4e6fbeeb0f5b

                                        SHA256

                                        2562c670fcd918fea3662a0e29dbc09a71369166e064d2948ab7e2c1d2a04a82

                                        SHA512

                                        c0916cdf645abeb4f49f7abc4622bef6cbb61a96e33adb01baa40650b4c8e1fe16ced8f69f020f5c20ce79187685499f6f36c87e34e80cac9e3d49f7aa06562c

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        ce4c898f8fc7601e2fbc252fdadb5115

                                        SHA1

                                        01bf06badc5da353e539c7c07527d30dccc55a91

                                        SHA256

                                        bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                                        SHA512

                                        80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        4158365912175436289496136e7912c2

                                        SHA1

                                        813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                                        SHA256

                                        354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                                        SHA512

                                        74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                        Filesize

                                        22KB

                                        MD5

                                        5e74c6d871232d6fe5d88711ece1408b

                                        SHA1

                                        1a5d3ac31e833df4c091f14c94a2ecd1c6294875

                                        SHA256

                                        bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

                                        SHA512

                                        9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                        Filesize

                                        20KB

                                        MD5

                                        b6c8122025aff891940d1d5e1ab95fce

                                        SHA1

                                        a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

                                        SHA256

                                        9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

                                        SHA512

                                        e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        264B

                                        MD5

                                        e5ac63d2173af42b2c7d2537eeaf9792

                                        SHA1

                                        ac32921941a984ea78af3bd8b8656962cd713149

                                        SHA256

                                        452558234b4139ed16f4a3b8ef6dc998b5b0190aa227483ecbbe94380c679e30

                                        SHA512

                                        2d4f993604a1665266c217e279b6ba2cea823e575423cf837b0ea29aea4b2252295ef0840490d255acea4f057535b6e91fae50bd95d7e0446ed6062d8bd52f6d

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        288B

                                        MD5

                                        54b70ffdabf55520df08ea02e04e3da5

                                        SHA1

                                        c4f419451f385a3ac09c4a8ba9150c8a9d75ee69

                                        SHA256

                                        c533b2bc750f8c3fa634f1ce27a764cbfe281ea2e523e2056550e65f7a36fb13

                                        SHA512

                                        5b3ec12f151275cc07ac3f3795d97e799a17b2d27f0907819d38d245516bcfb46374a7400449cad42b47f7da6c4637b068ecdb3e2e5c00cb26738af25b7bbf7b

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                        Filesize

                                        3KB

                                        MD5

                                        504fc628105a8228e71f43e17d9d4fd1

                                        SHA1

                                        077f6f3cf39115330c0a05f326def8f003bec10f

                                        SHA256

                                        57680b33eb33d670d8d0cbc43b0dcdc37d593606f12b6c4bbdccf93c3add65be

                                        SHA512

                                        24bc5afe055ea02137cdb75359250052c05a595ca0c152a49b16d05dd88ff15598e7f76c4dbd3452b3a55fd672bd4a6ce9bc3af4c4b682257fa72dc573ccacca

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                        Filesize

                                        3KB

                                        MD5

                                        2ee331a3a91f1c14cc74ca5f2ca9964c

                                        SHA1

                                        e9f925abaa769e2d9f26f40a2ea409bf3c2fddc0

                                        SHA256

                                        742cf2c3910769206574fab91c66d20179d3c6b29729b0f5f8b6d1c7ab5fbced

                                        SHA512

                                        0cb1414d898c51610f8acc95c990c519b2545d6f9492601b487ff0a86b398912234b58cea2113bcf7e18e47c82605526c438f9ecd6a4291f09f633fbc203315c

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        b67e5948d42cfb9f1389d8812d4e1de9

                                        SHA1

                                        e0ef88a5fe0b17a2ea57c8e10a77c3d4d31b722b

                                        SHA256

                                        881390378c1f118ac70eb4023e9ed3d833eac55314df63edf23b83181fcb6ffc

                                        SHA512

                                        e1109826a3d0e743f370dbf41c2994f377d0142a6f7c06038ffbc98594194f531a41b354f673d94717e486c3ca875c2259ca2f13f74154619bd986475aa23a00

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        5KB

                                        MD5

                                        e6a916f6d9372aa6ca4eb784da28810a

                                        SHA1

                                        b5354cd04e1c1a67e10afe80865a05e5cb8aa85f

                                        SHA256

                                        6cadbea1648bf6c40d38ace9721d6c9066faf916f6a9d998037a9c0fe2aa94f4

                                        SHA512

                                        5cd41817ecfb80effef54dab808e17dbd058c74f6891b86cdb8f80f988dba765b7e5459abe27d5f0a47820ece3e1ef772ccc72b78607889e89924f8df82f51b4

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        7KB

                                        MD5

                                        6a6c1bea2f1dd44b2e15cb68f6f1c4ce

                                        SHA1

                                        c1926625a1fb8fc7bc04809c9067dc5f140f5612

                                        SHA256

                                        101ff46818d825a8816c786632750dee11383e4aae5af496b7247de1df9901d1

                                        SHA512

                                        92c523a7fdd0511e67817507b23f80a70c8f5364b006c256490df4b9e4c1ca22181ee081f57cbebce93d2faa82bd0dea897911b359c5101a7b72bb092d79a350

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                        Filesize

                                        16B

                                        MD5

                                        46295cac801e5d4857d09837238a6394

                                        SHA1

                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                        SHA256

                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                        SHA512

                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                        Filesize

                                        16B

                                        MD5

                                        206702161f94c5cd39fadd03f4014d98

                                        SHA1

                                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                        SHA256

                                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                        SHA512

                                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        11KB

                                        MD5

                                        e187b2d3eab0fb79a54457a6305db092

                                        SHA1

                                        022643f7025823cda726f579cc706cb8a632692e

                                        SHA256

                                        f708b79cd674afb2c802a733457edd26339a836723cfb93fc7d6a528e8709c20

                                        SHA512

                                        ab5f4ddd804d5cd91793bcafc91c202986a5411852a3baf0f6dbf2e155604cf8cb02908760944764d8d9c4a8f806bce2ca5036a94a9f6061460d76ee6229b3bf