Analysis

  • max time kernel
    145s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/05/2024, 14:07

General

  • Target

    846a566534704de4788d227a36ca336e_JaffaCakes118.html

  • Size

    96KB

  • MD5

    846a566534704de4788d227a36ca336e

  • SHA1

    a85c5d929d86960799f4b41adc14b15de19760ac

  • SHA256

    ce4f70baf58400e718c7b453bcabde4cfdfe0e1860242dabc6cecb10b867dfe6

  • SHA512

    487a47ab0e71d645b5e66747c598556065fe8254928fc83e883cc3566334b36dd6a5a5c62f9706ae60417e39293d468e08bd8311f15cfefbe3cf4ffb5979aa9a

  • SSDEEP

    3072:ViywpHOoSzobo4Zof+ooxoX1DocoyowoUOoKI6LrPsOo2T3X:7wpVSzobo4Zof+ooxoXFocoyowoUOou

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\846a566534704de4788d227a36ca336e_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4484
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4ec546f8,0x7ffc4ec54708,0x7ffc4ec54718
      2⤵
        PID:4852
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:1512
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3972
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
          2⤵
            PID:4788
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
            2⤵
              PID:4132
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
              2⤵
                PID:4768
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
                2⤵
                  PID:812
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
                  2⤵
                    PID:4384
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
                    2⤵
                      PID:2608
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
                      2⤵
                        PID:1140
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1664
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
                        2⤵
                          PID:688
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                          2⤵
                            PID:4164
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2412
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4568
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2240

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

                              Filesize

                              1KB

                              MD5

                              55540a230bdab55187a841cfe1aa1545

                              SHA1

                              363e4734f757bdeb89868efe94907774a327695e

                              SHA256

                              d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

                              SHA512

                              c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                              Filesize

                              70KB

                              MD5

                              49aebf8cbd62d92ac215b2923fb1b9f5

                              SHA1

                              1723be06719828dda65ad804298d0431f6aff976

                              SHA256

                              b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                              SHA512

                              bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

                              Filesize

                              230B

                              MD5

                              db342c66113068d7f38883fa181f7b48

                              SHA1

                              156ea9e7c32818c50b4c58eff8f1e763ad892c61

                              SHA256

                              302ed97b3f44d964181d93ff041c73dd5c33a79658039ab89a990a941b4b9205

                              SHA512

                              2e6383ab7bda5586b1563f4a386e1a26cada34c3453c23ab91db2a839abc4026914dd67b83adb61421c4c0858a4160947ee0f860c672c0a8c8271459aef382c4

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                              Filesize

                              328B

                              MD5

                              6df8b2e6eb77357b2da6fe787c8416e9

                              SHA1

                              a6bee617ff367d0eb67fe73d39d7964d88b3cbf1

                              SHA256

                              4c759e0fce9e914f98255c74d222e26a4a6e84262936a630900861df69830950

                              SHA512

                              f82ab0654ec1de4e4094dfc796b86cf02e551d30f2d767c2689fa893750c192de3d0a3024d997305b841850b08193e95ce9ed76b2738d6938796e80c797d7920

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              56641592f6e69f5f5fb06f2319384490

                              SHA1

                              6a86be42e2c6d26b7830ad9f4e2627995fd91069

                              SHA256

                              02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

                              SHA512

                              c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              612a6c4247ef652299b376221c984213

                              SHA1

                              d306f3b16bde39708aa862aee372345feb559750

                              SHA256

                              9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

                              SHA512

                              34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

                              Filesize

                              44KB

                              MD5

                              23536ccfe05b737ae639fe63ee4cc435

                              SHA1

                              6d2e9822835dc3e6117a4d2addfc8f241fbdbc82

                              SHA256

                              6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce

                              SHA512

                              f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              144B

                              MD5

                              97ad34ebadbc472d07503109ab8f1972

                              SHA1

                              12672d7abc376480c91c2d55d7d7ee887c8e3dcb

                              SHA256

                              ba04c614783ea92fd6dfda75c267a8b1e780bc5e9e843ee6f3ce0a4c39aca8ba

                              SHA512

                              b59d92ce91bfba044d672017416b61418c97b0b10e252b76f54171d61ee57a808a978403c7addb45a5d89b0df284962eb296435f66f72ceec42d556873765e28

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              2KB

                              MD5

                              cb8048e914107b58725417d9706dbf3f

                              SHA1

                              19ecb59fe4f784f332518da9a2649bf8c601f877

                              SHA256

                              ff997ad1a6ec4d206a97b8710eb7bbaa58dc7a7d7d72f0ce1402713591b762c0

                              SHA512

                              dc9a3a2cace5bfd9428fa7621cda8d2c242f98bc6323098e19e5b26defcb94ffd90580234f97a63db63f8b5c5f90ec998910bb27ceed022e18dd5a270c8b2968

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              6ec7743478a71c789c5d00ba3b9863c2

                              SHA1

                              92ebc05bc31b2eae28812a8af1e2fc4bf7807457

                              SHA256

                              f12a1360e20e83f800546603fd1242cc8c812eb4b5f22604b477f5eece8fa8be

                              SHA512

                              d54753124fd22bae44f3662b660f03fb6afde90df1d0cdf0cee988f4f2f9e4feb015c091c5e63a6a73020bfd398dcf0466a7a17ea8ebc5dfab0249d2c71128bb

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              5KB

                              MD5

                              a40561b2472d5963cfb676beb64d86b3

                              SHA1

                              4e64136a0eb3f6e2485c8e71e44e1f5fc8635019

                              SHA256

                              998a6aee304c6cec380435fec0b9700284a6ed0fd83e81a7bbad6e1f5acfcc4a

                              SHA512

                              877bd3f8ce42a717eda6e7e5f7a6d6579d20ed48247142abf578f3b01a6bd6704810eb0ab654e3c8497590ee0f90783e93408323a9305897ded5a383c5404bdd

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              998d9f77a8fb916a69bf2d3e0c83041c

                              SHA1

                              d493833162ab5a7d592b7a2deeb9515069d30e2b

                              SHA256

                              0c053af1d50d042f8b1bfa9ab59e4f49b23d4ca63bbd63c886911bc61827bc56

                              SHA512

                              b630686c9b25a2409819904b51b8ed5bca54954b3d7801e99b26fae0f04c80f88be2ffc373412a1fb0343e98cf6fe2273f11c1cf555ae8b131a13eee7375515b

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              11KB

                              MD5

                              431af822f385ab5ec755d1ffe2175cca

                              SHA1

                              b62fa2b1874fadfc9ee9226d473d0d8a9fdbb466

                              SHA256

                              ddbac566e9f5e8ff11f0466c4b46c84e5630e6a3ed24be7638954c83511fb06d

                              SHA512

                              1fa7313593e2a3ee04da288c0b2400be0d0ceca60c043405e4a492f5ed3aa361fedd408cd9c6b021c403e97ee6ca17a2baee06f504a5ceff7f3e2f4fae5855cd