Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 00:52

General

  • Target

    8c60221dae91986936790b49347127b2_JaffaCakes118.html

  • Size

    115KB

  • MD5

    8c60221dae91986936790b49347127b2

  • SHA1

    3a1f4c962ba1eb3a3a5aadd80c2a43d6a6ec7f10

  • SHA256

    eef755c2ee0031d8d348f016a86245e640e29896feadd4a578420e485cbb027e

  • SHA512

    a03bb3797e6b92335b35089fc77dac5b36917e62953a3ec75184b0d73aa2a59041d5a1b1f15bd7c38a1afbd99db3481f4e8c3b091407f00e22c660c525bcd166

  • SSDEEP

    3072:gknUeCPlvxDuUcjvG8rM0DS4B789O6d4x:1nUeCPlvxDijsA

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c60221dae91986936790b49347127b2_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4632
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b9946f8,0x7ffb0b994708,0x7ffb0b994718
      2⤵
        PID:3540
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        2⤵
          PID:1500
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4424
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
          2⤵
            PID:2364
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
            2⤵
              PID:3396
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
              2⤵
                PID:3692
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
                2⤵
                  PID:4468
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
                  2⤵
                    PID:1596
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                    2⤵
                      PID:3732
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
                      2⤵
                        PID:4932
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
                        2⤵
                          PID:1644
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1312
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1
                          2⤵
                            PID:2472
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
                            2⤵
                              PID:1480
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
                              2⤵
                                PID:3448
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
                                2⤵
                                  PID:4092
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3230382557684518038,2870481481759139866,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2492
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4400
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2900
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3200

                                    Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                            Filesize

                                            152B

                                            MD5

                                            f61fa5143fe872d1d8f1e9f8dc6544f9

                                            SHA1

                                            df44bab94d7388fb38c63085ec4db80cfc5eb009

                                            SHA256

                                            284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

                                            SHA512

                                            971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                            Filesize

                                            152B

                                            MD5

                                            87f7abeb82600e1e640b843ad50fe0a1

                                            SHA1

                                            045bbada3f23fc59941bf7d0210fb160cb78ae87

                                            SHA256

                                            b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

                                            SHA512

                                            ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

                                            Filesize

                                            23KB

                                            MD5

                                            e1c71f7c04be834f5587230db2ad24b3

                                            SHA1

                                            f3bab9cb99d9f343bf7ed3981aaa7450515d2424

                                            SHA256

                                            9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

                                            SHA512

                                            205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                            Filesize

                                            384B

                                            MD5

                                            cc88f257f2fd78f3991c879797f9f684

                                            SHA1

                                            62d3be9f3dbedef41e4281c69a2b5a8e603c328b

                                            SHA256

                                            5d0495e7239a83c656fec43c78420a541fe2c42f96cd58412f322942442ae822

                                            SHA512

                                            3852deacc8330544324df76520e513e5b9b947ca0f828fa4580c1d497f17df1775da4168c835c06635a245099b8791e283869ca42080aa43a46b184bd396cccf

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                            Filesize

                                            408B

                                            MD5

                                            f27567cbcfc53c38c005994a1b23de22

                                            SHA1

                                            5b462c16aedb7e43afacbd75c7e7e30e8d04e151

                                            SHA256

                                            b5bfe5fbcbcd144a73a3ab1190be0c0a55392ac75f3124160a1394095205d923

                                            SHA512

                                            e12a8c3bf62a95dec37177012ff91034cb76b0e25001147a956c0b99e4962a24d240cc3b6b74daab2675befee386e35de96b88427566cd8b72afc1fa937ded85

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                            Filesize

                                            4KB

                                            MD5

                                            f167e2250b4bae4fb0d9d707337b2de3

                                            SHA1

                                            1554c76f600208ed859de9a36e732199aa0d3fcf

                                            SHA256

                                            2eaf70e39a2534731d4877c9ab725525bdd84cee06a1ef2e6852f4ceae16c40d

                                            SHA512

                                            44cdad6e1ccf7d3a4cb1702cca2dea5588db0f2ab8f1ac3114ab75725a93fbbfaf5e015c4dc48e8c6f3dbd5b0cd2b91839d954bb069977ef4c1daa4951d9c12f

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                            Filesize

                                            4KB

                                            MD5

                                            2d0ef75c504025d1beaf890f42710a05

                                            SHA1

                                            27230828c2df489e8f57fb05e5ddffed7fcbaf37

                                            SHA256

                                            dd1f70d94a27b449374845b88958cf738535cac34babc512f42b2a1c0ab097e7

                                            SHA512

                                            caadd17dae36bcf85af3cbf525972ed09e5506af0f0a25b3351faf2fd7f24c7d193f1cbc6841a57434bd6b0bc40b59df319b9dc54225334cdda5b09c74f1f443

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                            Filesize

                                            8KB

                                            MD5

                                            38b2a4c16fbc0e90ea3f115b2ce0254a

                                            SHA1

                                            ef76a032bb532266852dbc570b8f0d6668d55859

                                            SHA256

                                            4ef3ddc220b3bf5e4d76fd49851aa7c58878c8da94385d2efbcac5c37f584e24

                                            SHA512

                                            445d5e50837f2d3077a71cf0dcaacf7a29b631c470b6f52296250479d6a3e595a2b5e34f4dfa1b28fe811cee3b1f7f528e383266504fd3edd4c474af2084eabf

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                            Filesize

                                            8KB

                                            MD5

                                            1ee1b458f2e4a0cd643fcc6d31408851

                                            SHA1

                                            bae3120b4b77b4a8942101766e4bbdbd93fa4532

                                            SHA256

                                            90bb6a1e1a261262f74ddd217715a071dc7632e24f9988830816ab6e12d15782

                                            SHA512

                                            95b933f12cf5654e52af8719684fcc562ba6df208fcb8faaaa78399ab21d1d181c575ab44ddb304c8a35a8bf01bdeb6d11c17f0d1fa2f7236310f67ee8cd80c5

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                            Filesize

                                            16B

                                            MD5

                                            6752a1d65b201c13b62ea44016eb221f

                                            SHA1

                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                            SHA256

                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                            SHA512

                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e0cb0c3d-151a-471d-b889-1fb640771321.tmp

                                            Filesize

                                            5KB

                                            MD5

                                            f274cda8f08490126c37d945ddb93ea6

                                            SHA1

                                            1f4012ee880de70fd285aa12c40d7d232a630e91

                                            SHA256

                                            ea49ff5907b5cea4d9aab135561c1bd1714f70cc1311d105906e29fa080f502e

                                            SHA512

                                            497a22f55266335f151152ad71046e68a294243b02c5a9eef4826e47d78052981728fba96d4b4ea39b0c1ea5cd3d8a932d100602f642e747b430e50a3efebac8

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                            Filesize

                                            11KB

                                            MD5

                                            06b491cf352bd7abf6412b9736d3f1f1

                                            SHA1

                                            21908f1b6fac787be2fc6dda3dbddcefbf8a2df7

                                            SHA256

                                            5bebb638ac6cca22a002c049edbb8538e9d130fc613710fddf9cdc9a8e47b94a

                                            SHA512

                                            94cfa5402ccf8924afa178763ad834674b9783d3fcffff2a7089e622f7a359a3590afd583444aa3cc18363971499fa006ed8d547521bd7b4f515d98aa6dcc82b