Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 10:34

General

  • Target

    9176b4dac13d3338aa3668f1dfe32c5f_JaffaCakes118.html

  • Size

    31KB

  • MD5

    9176b4dac13d3338aa3668f1dfe32c5f

  • SHA1

    ca95b5b0d70b3231cd7b60e16a9322229700182d

  • SHA256

    557cd21bd535fb5219972f8b29bb81f4ed346edd53fecb3100f0c60d97f9de7d

  • SHA512

    5203c01a1532f2a6bafed92a5746e7db50558aa1728d00a129853e656f07c4d2d21694fcabee774621875540cbf055905d833a1f695e695afd5f76655a8b6156

  • SSDEEP

    768:PMhT66Wlc4wnRPcQBF9QKKFUWmncpwokhqBRbukSJHy:Eh6lc4w0QjLiTuNy

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9176b4dac13d3338aa3668f1dfe32c5f_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa592846f8,0x7ffa59284708,0x7ffa59284718
      2⤵
      PID:1116
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13879651634728517204,8346642411897515052,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
      2⤵
      PID:1484
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13879651634728517204,8346642411897515052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3116
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13879651634728517204,8346642411897515052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
      2⤵
      PID:4284
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13879651634728517204,8346642411897515052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      2⤵
      PID:3684
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13879651634728517204,8346642411897515052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      2⤵
      PID:2132
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13879651634728517204,8346642411897515052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
      2⤵
      PID:944
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13879651634728517204,8346642411897515052,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2572
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2280
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:220

Network

MITRE ATT&CK Enterprise v15

Downloads