Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 08:05

General

  • Target

    910d6d29e57ef134af3d7108be7b02e2_JaffaCakes118.html

  • Size

    34KB

  • MD5

    910d6d29e57ef134af3d7108be7b02e2

  • SHA1

    3a355c21b924268cd0e29e3b42c505ade834393e

  • SHA256

    5450a888250b0414b6aa613c26467e26bfa926e046dcf65f2678db1a4127b7b0

  • SHA512

    d5469e08b45ab48cf223af11cd75815710e5493d2512f28c86206c25e514a664e6197863eab8601e0953057c23310e4f141cb55f189208f4e61b97566baf96b9

  • SSDEEP

    768:VHMLYSCiMTmgB6zqeoYr6IrvsYMK2qFsMAJN05nU4ss1G+hXMXMtMRaMpoWUaO2u:VHMLYSTMR6OeVr6IrHM/FMAJ251y+hXB

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910d6d29e57ef134af3d7108be7b02e2_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3428
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718
      2⤵
        PID:2156
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
        2⤵
          PID:4700
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4772
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
          2⤵
            PID:2744
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:4964
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:1624
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
                2⤵
                  PID:4784
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2816 /prefetch:8
                  2⤵
                    PID:2880
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2816 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5008
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                    2⤵
                      PID:1196
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                      2⤵
                        PID:4000
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
                        2⤵
                          PID:5052
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                          2⤵
                            PID:4716
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3116
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:664
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4388

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              ce4c898f8fc7601e2fbc252fdadb5115

                              SHA1

                              01bf06badc5da353e539c7c07527d30dccc55a91

                              SHA256

                              bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                              SHA512

                              80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              4158365912175436289496136e7912c2

                              SHA1

                              813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                              SHA256

                              354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                              SHA512

                              74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              96B

                              MD5

                              fe76eb4ec9042ad07bbd64336feaf896

                              SHA1

                              a3f981accaf4863e83940896e40faa5701eeaefb

                              SHA256

                              b2b116f251258e1e9d7d8615499eb9a34a609497e875eac27beb2e33b4242663

                              SHA512

                              a9ff870cbf8999446cd0ff419f4aee638159a6c0a8fdec3ab97f42b1308bd56d7ac2bc91a32a72637e2d324a0466eb4899464364e5d372cd86af429bed1b76dd

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              1KB

                              MD5

                              64b1168f0be80517a359720434bb61ca

                              SHA1

                              f0be11940bb10641a0298ff3b63ade4d155e118c

                              SHA256

                              691c826dea30cdeceb054fd214734dc154b40dd79c2b48874118256a10f922e9

                              SHA512

                              fbc88e7895ced59d637b63f2126f074c27e495a38173cf683fafcc90008670d77dcfe95893842b9ac02a28fe60b5f6cceea132bbb2492c2c6c8f5fb99b003aac

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              5KB

                              MD5

                              f20539b01e6b9a833150f5eadb46b52e

                              SHA1

                              7faabc8fb7e8854c14b73e75ce348ce194417364

                              SHA256

                              e89567a90109accd5b9cdf7e86ea867d6589039046623376ca800de42c6432a3

                              SHA512

                              11e3beccd71d3167e86d20b31ca1c4582247b91d69ce5a55be612da3956e3f282aa7a6201bd1147bb4afb383446c2191d009b0cc1b5801e5571a6c0b22c29490

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              1a2498cd90d7e15159916a3dc14ec4aa

                              SHA1

                              addc2c6937956e092103d58b9d89a7ae0a644870

                              SHA256

                              c4c880c793db415f727c7c21ee68a0d708ab541e2002e4f667c3aaea520064af

                              SHA512

                              fc4dcbce868883c66b89d421bf7f746e674dab1818ab1aa648051f75cfdaa516ad24d301c79f40f54a7e27c83bcf207f923aeaa14fd9d5256ab8215a84a0dcc7

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              187b9105d60580ca00e0269905c97453

                              SHA1

                              dcf717fd664db76b249af043da78e6e79f3baa9a

                              SHA256

                              22a9599991e2f5263f0e3c253be9c3db15c67ca1a39a0241e8189a8df7a426ed

                              SHA512

                              46993e4c924f1903cb39f681a2a4727a4f417eec2a3dcde27b75a6a34e9e576b78ab9e9db33b4563efe52b707bd9a97d6a26c7665ee0947200a04f3531e66b4c

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              0273adc9355b95fc66933dde4c0d2936

                              SHA1

                              537654a575b8ba1d028ffd0669eb520653f7943a

                              SHA256

                              48df757254a95bfc98b4ae15ce55633f4f2c6827e1e00ae02754af8b41b41c47

                              SHA512

                              c231aedfb88d8db0aacd0ee66fa516b44a003c5a07ad9233cf05167a1556b477823c3fbdb6a639ddafa1057c517740b6ff944acc89f70d5a47b569cfbb284ebb

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              11KB

                              MD5

                              bae4080426d8dfb59ad291bac8bbbeee

                              SHA1

                              3f9a93a0291901726a435f041f0caf2cec16399e

                              SHA256

                              90abfab2eaeb9ab3a91907d271febb33e2a9303b5f8a338665fe634598371058

                              SHA512

                              b0c4af02c52733d5ff3cb22cf73b28e5a5efff9ab1898fb1557e160ff594e6fd9ba644669345de79402e8c70d2a64899f8d97bb77b13b4ad90aebc836d16b7c6