Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240426-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    03/06/2024, 08:53

General

  • Target

    91312f3893d1e6009c499e619483c30b_JaffaCakes118.html

  • Size

    98KB

  • MD5

    91312f3893d1e6009c499e619483c30b

  • SHA1

    14041c6ed60de75b18df2756b452226bfc1e7657

  • SHA256

    ca3af8043a9706b4b42e4e2e2d8c0d462b036d1587f92239b6574c6171ae67e4

  • SHA512

    00a737a19552b5c1cadb21dffa60a2bd0c83a203574427cc857d9f90cd4f0681e50f0b8aae1a90c68a72c13a7c88bb90952a65bf117b90f775398a0c4df88e97

  • SSDEEP

    1536:wFF7rmeSIEDNgOdOgfOaAUvP0YZubl6QYiqhsOtFAY:aF7rdHEDVMgWaA4ul6fbhsOtFAY

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91312f3893d1e6009c499e619483c30b_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:684

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafda846f8,0x7ffafda84708,0x7ffafda84718
      2⤵
      PID:1620

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
      2⤵
      PID:664

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3416

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
      2⤵
      PID:3068

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      2⤵
      PID:3988

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      2⤵
      PID:804

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
      2⤵
      PID:1412

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
      2⤵
      PID:3028

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
      2⤵
      PID:3116

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5092

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
      2⤵
      PID:2348

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
      2⤵
      PID:2116

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
      2⤵
      PID:220

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
      2⤵
      PID:1200

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7234306141444356859,5600437723891051928,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3424

  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1508

  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2876

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 4f7152bc5a1a715ef481e37d1c791959
    SHA1: c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
    SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
    SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: ea98e583ad99df195d29aa066204ab56
    SHA1: f89398664af0179641aa0138b337097b617cb2db
    SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
    SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
    Filesize: 23KB
    MD5: e1c71f7c04be834f5587230db2ad24b3
    SHA1: f3bab9cb99d9f343bf7ed3981aaa7450515d2424
    SHA256: 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899
    SHA512: 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 192B
    MD5: d0bb4fafe2f2abad8bf7b7eb965082ca
    SHA1: 6ea787a4683570c6aee1f6ef903d0b5c64a494c7
    SHA256: 6ab9ddee73923cd35eab1c42dc83b93e4323141d915729c628ea9eedaf795d2f
    SHA512: dec70634265ff6a805fa16666e3bb3808e156d345f1060e8e3e6f9b9d53361947e30f124322dc3313fdad01442b9d25699419b1c08b7cf9c2d96600b2e0708c8

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 168B
    MD5: 381bebc36c91987a15b786ca5de8fbd6
    SHA1: 463dea7e45dc2e48a25488c0799c1fc70bacea60
    SHA256: b9ab5cc7334c300c97bae3535630ffa4e91f93bfae06782fb84b86ddd448e006
    SHA512: d695b40b68f1fe3a08169a5c64194311055f9010b4bf06aa08827ea9d7ac21aef3f7fc6e4c13c106f9cd85782444bf6407dfdf298b7f69c8ff52b65dab897728

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 96B
    MD5: c8b77e18ee5ac58f52300b8a18c7b013
    SHA1: b54408875209a8575695cd2ae2c904fca2726895
    SHA256: d85a9600c80394f563bfb9bdc39b72b917eb0ff9ee4e99c7a8b943c03b5f736d
    SHA512: f460f3d1e5e949a0f9ff8ba3c7ecb966dcb7e81d1ed13d4a2dbf1f53b817b3c2d36c27233907361379d868d49b08537acc5dc1eac30cfe37728dedb156fa6dfe

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 2KB
    MD5: 577723a25dd45a3416a4ac96e8385425
    SHA1: 3c70416afeaaff99c42ebb6dffb87c0f97b8d746
    SHA256: 1d61490927cd19491dc509c4616f00ca0aff3b4aa442445c9426ec20c8c88c0f
    SHA512: 7ea907ca81280c04e1089f1cdfe29558c861492ba6368612485a5e02b2e66450402c232b0a60389d79ca79c20e8e386e0328124a3ebd582c23bab030584241cf

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 2KB
    MD5: a3a6a56e7552e55750b412ae230d9fe7
    SHA1: b2cd47357150b4267044c0857eaa6dfe24a2e63f
    SHA256: d599d783a882c3154413e9632cfe74c68dbceb5f2508f7d6771f3831412b4274
    SHA512: 39bbc0c43a31208ac7f9aca5eb80396e52e589370eaddeab871fa6dbb71cd4341def3e623a23ec2c1e36fb1d4b8a9aa9be520e5bed128ef0dc1f211c9fd35b5a

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 722ac4ffc7c6e408d5b04b037fff6d2d
    SHA1: 7525e6ba79adf35797d1156f00211a18b90608a0
    SHA256: f1fd8264c954b0ae2d51556b10db4722a8dd2a9e98c4f374d1d36460ebaf34bc
    SHA512: 5d314e16396862d0cf2e94f7abd92455f14bfe0dc10944a8508f63d6e89933aa69377fb6f166bda3f446f224b8b52394d151bfa44b11f96d311c8123bab561c8

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 21833478e5b9b7e8a36b9337ef91a1c1
    SHA1: e99178fb1654939e7e26d54d24b8d6f0a4de5673
    SHA256: e84b88ea590183daec26b68f65df252038839b4060a158b94cbc3c0f124adb04
    SHA512: a638a9d1c9fd63c837f3fb73bd4592e751df2e50134a7c3dc719ebfd7e1a9709ae55415e1c39b419b2dd1d5c4305ba8cc55c6915799513ff92491d3d27242ce4

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: e8ddb8b6c19720f43242eaa4bd28f925
    SHA1: b444cba3780290316d293e5d0186078f73e3c266
    SHA256: 062b5622e343a71dcb42953ed9ee7e65363c73d51524083744f074ca639b17d9
    SHA512: f1b3efc66045d5debd71aecd0d19ec4f8269627bef81150999b02717816371294cd8476c4c579d0a1b9fe7e5aa0d998100829a358a8b447ea9bf3106dbb6ee1b

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: a65f49d828a23c43c1d38a36fe937cc5
    SHA1: 53ea1ced9608bde5af1156fbc0e40fbbea4ab543
    SHA256: a612629cc8dfcdc43d4e59412a872bad598f15e5f2f912df6790befc4b39a7c9
    SHA512: cd591126fc2e553e10585a17f843f3c4ea4fa6f0debc88df5c35278e7e3dda781acd16a45b8bc18a732eeb204dec2376fddcb0e508b70cc6554f0cef35c7cea0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 580b55ac5f4076bdb71890b8e4aae9bb
    SHA1: 467f2bed919d8a822a272d50e0629106b37227dd
    SHA256: ba65f3d3f6af923444e3b2d104816c05a870786d0ff3f99c14d2dfccd3f3ad74
    SHA512: aee2c38b290990df8559cd8cab9fdf011ea5cce02d31a3fc2cb2cec38e2a592a1b48c8957c805ad824779cb0ba1327cf0dbeeb754ed7d6cb47d8d10cd3d2da8a

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: d4bbdc11616d8565f687c504a1d1fe19
    SHA1: 3d494e0da2e4fb1cae51772576316d5b81f4222e
    SHA256: d2bc3c04614ff9a74cfbb4904613e07b8145f35a549f01a63f4444d2a9086372
    SHA512: 1ee669e0966230464e59b51afaf9caa697066342b8d067f921d83ff4aa4bdb9dd40f4a0835fa58f253430a5a000db10e89346822ce46f7150b89d10fe3e946fe