Analysis

  • max time kernel: 148s
  • max time network: 150s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 01/06/2024, 20:05

General

  • Target: 8b9e3eb75a7a483543866ab9060ccbdc_JaffaCakes118.html
  • Size: 52KB
  • MD5: 8b9e3eb75a7a483543866ab9060ccbdc
  • SHA1: fd61087687b5ed9731a43e65ed1c8a70978cb444
  • SHA256: 1bf7618d659de7e246f99dc348a547f7a2951bb5be5686d5d7d8ed0523054d38
  • SHA512: 6a97914252a0d0d43475fafcd76e9b947eaedfc97c1b6470eb0fa15305c0e19eff3b6ec5c20af59eef6ee1d9820a6f111a9f9c9cae4a9765ba528b5870f72bac
  • SSDEEP: 1536:d8z6OguuXLuR1RSRRmfRlRWRORofRrRbR1fRwRRcRqfR2RiR/fRtR/RpfRpRZRmB:Wgu0Xq6r2kWsvBEuGdDE

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b9e3eb75a7a483543866ab9060ccbdc_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4600
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718
      2⤵
        PID:3120
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,10512602456005004228,5020109076802599103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
        2⤵
          PID:2248
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,10512602456005004228,5020109076802599103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1396
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,10512602456005004228,5020109076802599103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
          2⤵
            PID:1888
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10512602456005004228,5020109076802599103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1
            2⤵
              PID:5052
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10512602456005004228,5020109076802599103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
              2⤵
                PID:4840
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10512602456005004228,5020109076802599103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                2⤵
                  PID:4668
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10512602456005004228,5020109076802599103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
                  2⤵
                    PID:3572
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,10512602456005004228,5020109076802599103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2408 /prefetch:2
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:788
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:2232
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:4680

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: c9c4c494f8fba32d95ba2125f00586a3
    SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
    SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
    SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 4dc6fc5e708279a3310fe55d9c44743d
    SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
    SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
    SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
    Filesize: 23KB
    MD5: e1c71f7c04be834f5587230db2ad24b3
    SHA1: f3bab9cb99d9f343bf7ed3981aaa7450515d2424
    SHA256: 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899
    SHA512: 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 240B
    MD5: 3e14514f33796421ee7905cb86edcc37
    SHA1: 23cad8ded373bc625e1baece7fdc1dcc58554287
    SHA256: 5ebc4c76447de20da20fe8bdd6f72a959cbf65231ec6595d2bf1f8044a33f582
    SHA512: 60fd1d1e58184efd972fdc3ba192f582a0bc695c98db9032e8f89fb83492c5745a22e5b46fe0aed08e00b8f42c0c7a24e23e29bcca04dfe0907b4e7c15f341cc

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 216B
    MD5: d4cd7c7d2027b0a65c4459c19aa75b29
    SHA1: 99805c6a673a866bac200f0074b4a928e311167a
    SHA256: 5ccef1466c626ac16018035a3a019af0a1642734a6a8ef96760a45ae959106e9
    SHA512: f610e0cc38439aba81a5037114cce970d949760189ca141b5e604d4e0bed26d40490a337aae217a9ae19106fb6f72cf5b712470b695fd59c3be27c3959c0bca0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 2KB
    MD5: e05a0727e9a9540a251834c2308dbe37
    SHA1: ab5896aa244299506a5f41e00c5170b8f0b0a969
    SHA256: 4c38119e373a7bc439fe9443385b0186e76cbcd7190ad1c9bad65a2d3118742c
    SHA512: 605facf735b562adf551d9e79fdf82c469de2e60dfa5fd6ca1f6b7745b97151c864674c5f4e298861f49758ccd41ce94db8db7933998b625e7a6bcf269c3905d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 4794c079f7a8f2c7b1fd6446531d223b
    SHA1: ed3f13b4811dd76f8d8b0c40890dc67579ef91b8
    SHA256: 938f16880ac78c419791910ceff7ae66a3330aac9e4c703aff3314088f4f8d95
    SHA512: 025d886c40b5258c9d4a39b948d3830d6177a48bd9917c9910117758148cf6df7dad476f6eceff1b8cfd13881545ead9625bb348eed8cd4e73ebf435dbee50ba

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: e1696a9431d1aa9b48d25114edc55341
    SHA1: 716b195ff93bf2e8cf1e88c7ca361629ce52626d
    SHA256: b7a9c40e1e8e5f6fa2f26b059af6218e5c792d0ffd8fbd2952d28d94ca07aed4
    SHA512: e9ac4fad571558fa53f8a12a76c1fa43f5492b0fb009518d6e69411866f767b50d8fb971f876889c5062e1d78959c3bea19e99484e22ce96468f5cda146ab6c0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 512435515682ca0fe0e9985f3ea39629
    SHA1: 90d02ee50ccb495b4eb50d92f0f77b67244aca40
    SHA256: c8ac6862931b394a0abb7e2c04a372434b1e195a29faa5d5fadc18f88a093a32
    SHA512: 3ec56a8f05864e2e8db7eb0acccd03f1b1b70c6a3fd237a90f3c21e456b1a5b3da4415b85d2506d551cbbcad1f8dd706886f0d4ef5a4834863347fc3bccabd79

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b681b6a6-ee54-4fec-bc2e-20441c04f124.tmp
    Filesize: 10KB
    MD5: c17c5992ba311831d00b03b70b4817cb
    SHA1: ad10100f55bb80132bae25c9eba60b774573173b
    SHA256: 8162264e9b8e783633d51ceeab52a5e85c10917e0324823327195ad5e266c804
    SHA512: 07bdab8889cb9fb1f7b0caa67f70893dc34554902978ab6f996c204f06e2885e1f763253d726be83c835f4eff52ec4d3970ee743ee1d212e812d9a7d23c5c84f