Analysis
-
max time kernel
146s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
27/05/2024, 13:59
General
-
Target
79559672c5d867c703ab764cc55e4fbb_JaffaCakes118.html
-
Size
26KB
-
MD5
79559672c5d867c703ab764cc55e4fbb
-
SHA1
31034d932965185c376e5b1a2b1a2089f41791a2
-
SHA256
cf2cb07ca41fe80bae2b98fcbc7617aadf9a2bfec6dc332606be9544b230bc34
-
SHA512
8a9dfacd958c31e8f11e2c9884561c2313da86f6304dd387821ea4479cfe8f17b2f5433b823ff1410855428b0b2784b35e2ec9af261f27aa1cdb9dc008a90c53
-
SSDEEP
384:eutXlIIjlHss6aIHvXfCIooOhT6t/bm+3s7okzI5DRD3DLlDj2jQeDzD+9dll6DI:eQMpHvvCIoo2TYmy6jzI5xz5kzD+9SI
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\79559672c5d867c703ab764cc55e4fbb_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc002046f8,0x7ffc00204708,0x7ffc002047182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5144 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6000 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6008 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7295099539895469863,8987327047580999425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5668 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Filesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
Filesize
28KB
MD53c66d0663475bc9284c50023e947f6d2
SHA1845ce9a91ba50d3fc4cb3040f1da3c37e42927e0
SHA256945f0fd54eb018f2e917b485b0460bd2615d45de72b1365b56dc348464f43311
SHA5129cbf854b55c0056ff5121af0b2db0a4696031b9d530cbf4242a562587eb616f681c1a9888eb2612238944589a13aa8184784c6211cca6b70a1d254e25a3bb436
-
Filesize
888B
MD53018d913910c0fdc58401928584560b4
SHA1c8cf06b9d2f39d6b932ce30822ddc7731269dd7f
SHA256093d1d141839d943d7f09f80192cc03a445ec42a53e19509067e6da500513236
SHA512585b5dcb630f17db660322524550e1731c2878552404fe50ded984e66f1e92bb2aaacf70be49d29af922ad43fd76976f143763b613622fb283f9ea361fbe6668
-
Filesize
144B
MD57939f2f803d90f9532441faf4d63a959
SHA14f1f4e9c4269fddb830be1ff4d4250774508e7d8
SHA256b484e24c2f7b09889e64dec89280bb6db3994127f5efc4a0a6e3cc542b6616a3
SHA512012f5684105772a105be391af2a198d8565d2f20b7cdb1cf269e4fc180ab31e6519c78b66e3e190d426015db7fd7280a519c78cc22b0bd36295b3ffd0c1a8f2b
-
Filesize
3KB
MD51043da285214543bb3909d006b18e05f
SHA1da5faad10e81cacec3ba980aa941df24a288ff6c
SHA25620a5a1ad087b6135f817222d9a2f2cd3f7d36bfd66d9e11fdde12df18ff38e2c
SHA512928bb61be266f222966bb010920a2477e9a16523b88501c149c46eea3bc99b0b7cdd9830b14d0385c3e893ae84b17e14ea259f9de4aad6c52677fd4373018857
-
Filesize
7KB
MD5c720eebea9fe39fdfabb8529aff964c3
SHA1bcf44ae55dcd6f62d1e1866c60f534efbde7e82e
SHA256bc1cab4d81222957ff0769950c84907ff5d227c896ac5392476b5944d1abcb26
SHA512619a1fd7a22292bf5a5fd07c20fdef9433256c67535910b16646cde1ad1599a29694ffa8584c7da9e91f4cbfb555ddc77db5bfddcc271e1f49f915320f9b83d3
-
Filesize
5KB
MD5150f223c8e29691e54c603e45b4c97ef
SHA1499dcc7e62c077223990434ea8205eb0443e3e59
SHA25614ccf04cfbfa5b90601054fd6cb705c09b8a1d0d4e5858827dcfba4182688c2d
SHA5129397194394d1a88d2710fec0ddd906ee0908ef6091a9824621b243c4bc81bb33f2d941789513c006b239249a003a8f2f90259055a884c7fcecfcdc03fd2e203a
-
Filesize
7KB
MD53324857646d05dab8b60e338379b4060
SHA1c62001855e8b1e60654c36d6685e5b53ba926b40
SHA2562afac5d63db5c9701f7d1f3c70cb7ea238edac4aca8ab711e255161b25eba731
SHA512cc2520c533fd0e3508c6195b5d077edc351e300d3f27541b51f3c323848d5c61d73c219b06d2814ec309ab8bf0ca7bc1290899923cdbb30ce67704dd174c8a9e
-
Filesize
540B
MD540486586fa5cb7d99a4b614ccde9b7e6
SHA1dd5c01f63905e26fe3bb73241191218ee39f4ad4
SHA2562e470ff5f9bd14c3c494532a9a40007c5d57379a31dee60b35f0e89ee8583bc7
SHA51273c4114b9ac219d8abf5859533cc2d32d041bfc03f2965f64ed7c811a26de03ccd18030e877dc8ee6ba05dedc0ac02d1c306b74072b117e100eb5bb0fc79b44c
-
Filesize
372B
MD5cfb325962069f737abba8322baa69689
SHA1b70d0284bde3b129262154e872efde807045a535
SHA25604fe8939957c2b77b88ae35627b953706e56fdf78b544b712466c18ba074873a
SHA512395d120d990ac13a2fd14d42080a2106f6b480577f0421458eb73e1ba18f7a856da909184cb696484d8a7655c950fd73b55317b61abe89dfab1094320a90beb2
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5554bd1c1327717669ede8324a0d9faa7
SHA1b5f91d58a6de04e038c043bdce97ca0256df04b3
SHA2564fa4c87507c7f7c1ed43a4999d98a7ec29772e9c859386e23007005b7142711f
SHA512dcc27bd3c078203bd51ec80337b154847aa5c941599fd6c677be05795eb4db8edb7ee64c43177e5eb2bcbc49771ce04c7973788b695965cd890b319260b5c8d1