Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 08:05

General

  • Target

    910d4441b7972da4124bdd0d6bde3878_JaffaCakes118.html

  • Size

    74KB

  • MD5

    910d4441b7972da4124bdd0d6bde3878

  • SHA1

    6e852c2ddc5f047d2178dd1f887502ad5d9bedb0

  • SHA256

    eb8377c6573992d5572ba70c62659ab1cc39ec6b5c0283671c3605c1ac50ba8e

  • SHA512

    d47fd1c4bd0df0e858bde0406ae63c1bd61b4ecc551124dcd3c839a67ed862aa3ee85af2ace36c1e144e6430467e3b9f50b2dce65ec8ddcddcd79fc059161a7c

  • SSDEEP

    1536:imu4hjYkrRh9rYYYRtY18YYYNYYYnIz7hYVnXesryyFOowU/EYYlHY6UYXAY58YB:imu4hjYkrRh9YYYRtY18YYYNYYYnIz79

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910d4441b7972da4124bdd0d6bde3878_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4324
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff85d2746f8,0x7ff85d274708,0x7ff85d274718
      2⤵
        PID:912
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:4924
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4316
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2012 /prefetch:8
          2⤵
            PID:1704
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
            2⤵
              PID:4336
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
              2⤵
                PID:1912
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
                2⤵
                  PID:2456
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
                  2⤵
                    PID:4092
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4188
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
                    2⤵
                      PID:2344
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                      2⤵
                        PID:3520
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
                        2⤵
                          PID:4904
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
                          2⤵
                            PID:3644
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5040 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2396
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4948
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2916
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3644

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                                MD5

                                4b4f91fa1b362ba5341ecb2836438dea

                                SHA1

                                9561f5aabed742404d455da735259a2c6781fa07

                                SHA256

                                d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

                                SHA512

                                fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                                MD5

                                eaa3db555ab5bc0cb364826204aad3f0

                                SHA1

                                a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

                                SHA256

                                ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

                                SHA512

                                e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                216B

                                MD5

                                8a7b2edc3fe5701094cfe9685f9af972

                                SHA1

                                c3111d4e89b14012afb25d043403815c0e9a3f55

                                SHA256

                                3cf37664b009e9ddf1c916e07fadc7f0a45b11db79c8893fa16965f88578a011

                                SHA512

                                a5864059d364570235feec6d91ec749de76f1d3230ba9de67ad47bc2934ed8fa3c2675ded485f97ab3810ff7d07f6fa4668133aaa1bd193c7ead9f5a051821e4

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                2KB

                                MD5

                                6639505d07c99507eb20341ded6d4ab3

                                SHA1

                                b4a8c266998669769e2237d17fccff76afb78136

                                SHA256

                                52792314ecb875e8a551857ae9665e45599956121cbad94ef4a0d5c74b5c0659

                                SHA512

                                5b29a9a49a9eece93e7c541d7c2bb10dae2d077374ebdf2ecfbc8214f61a766272c0683f7084aca88820404fdd660aa30f3ba4f426f7c76b2f961d566f93d6e6

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                2KB

                                MD5

                                cfaff25fd76e991b6d889dad485172c5

                                SHA1

                                1bb378164727dec102dc3b5cacf5c3cb94eb81c0

                                SHA256

                                1e1349079f993bfb538e8d7281a4aae061387f0bc1c9f4073bce76f38213abab

                                SHA512

                                3bf94bbc40686ced58ae0943d0a818f15a1f0296f4870fad82212531a7449d212a45d8f3c9a58ab640620743eef03d14dabb508a53dab13154b08177fc9902f2

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                5KB

                                MD5

                                b7de5c806fd97ce225f064c00de287ae

                                SHA1

                                dad732ef2f5a0903e9da8f22beacf8e7c2c78323

                                SHA256

                                b96b38459f1c767d2c6179328bdb401fed5f385198dfb0bfb700b82a147df4fd

                                SHA512

                                698f79badb6f8bbc7dac25b531e1203d2fb00a4d97c1648bfa6d7ad9f6a36d00a7dfddb49d1ee522566cf0758f61302013555410ee8f01695e0840ccdfed4775

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                6KB

                                MD5

                                cd7f4e9ae135c05403ba88931bbec481

                                SHA1

                                4813d67b8a987aca60f15ed499343a8650c415f9

                                SHA256

                                bf3d5a379039f7639d76e2a1981fa3dfe9adf8557afce49bc9b04e264eb14b28

                                SHA512

                                a671544f4e67acbd94477c06fa3ca6c706ec8eed0e813d6c783fe808adc7377136fc106d812d6b29dad4995455209863a5bde8c168477027e1564181139d9ee7

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                6KB

                                MD5

                                be8b741b18d12cbf487dd3eeb146d22a

                                SHA1

                                9c60071053faee941561a8a0ab0f147a3ea0fbf8

                                SHA256

                                c40b9e138b51fe66a5f687871f6f667fcc174d0499bdef30be40ac7088bc3fda

                                SHA512

                                fb54a80e29d6b9aec9913f52a04c7dea92e60303267bec3321981a8fc215c2d7bf7b1e06fac9d03e859e34da3bacbf72f3bae864b7a62c157aaa703c1c420abb

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                Filesize

                                11KB

                                MD5

                                20cd2f024d2d678f6b8af12b04dd273b

                                SHA1

                                9ae9e474e472c318526c4f56d187924a2b8676de

                                SHA256

                                30b191b247c47210929ecfb83c9c186cacd6ee4bbf4cfb871f0282467eeee0f2

                                SHA512

                                bb14d9fa70536d6d035c1f5f88b2a9863e8e8538eab54148beedd7fa94c6275d7d0844a571472d43c903b95d08bdb6368970e47dec2f6c17de24f1828467d002