Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-06-2024 12:43

General

  • Target

    91d3b77a3f5f81087c1411ad865cd3b0_JaffaCakes118.html

  • Size

    54KB

  • MD5

    91d3b77a3f5f81087c1411ad865cd3b0

  • SHA1

    851c1c3deb8b26ebc104ebd2953da253f20f7e96

  • SHA256

    9ef3aa305c27055156cde196d2b6899e65c72d1b364c92903a24b7c6630bacdc

  • SHA512

    e6e3423845f57a764292d113f165833f554c465b91cbcc9ea01739043c439cb906dd017bde6906194e74f8a1431d5c9ca617640073b14e7a2507045d8fd9ffc6

  • SSDEEP

    768:MgOriWNcaSoagGO63fn6M0JOOUMpeChXeFwNXVZ729Zl:T/5fnOOOU4XVZ6

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d3b77a3f5f81087c1411ad865cd3b0_JaffaCakes118.html
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3788
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2bb46f8,0x7ffec2bb4708,0x7ffec2bb4718
      PID:1484
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
      PID:2076
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
      • Suspicious behavior: EnumeratesProcesses
      PID:4540
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
      PID:4896
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
      PID:4932
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      PID:4856
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
      PID:2392
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
      PID:956
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
      PID:4780
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
      PID:1184
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
      PID:2468
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
      PID:940
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
      • Suspicious behavior: EnumeratesProcesses
      PID:1092
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
      PID:3856
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
      PID:2696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,549779861030058852,15094480128117553530,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6620 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
      PID:4336
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:2056
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:4852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 537815e7cc5c694912ac0308147852e4
    SHA1: 2ccdd9d9dc637db5462fe8119c0df261146c363c
    SHA256: b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
    SHA512: 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 8b167567021ccb1a9fdf073fa9112ef0
    SHA1: 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
    SHA256: 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
    SHA512: 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
    Filesize: 44KB
    MD5: 23536ccfe05b737ae639fe63ee4cc435
    SHA1: 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82
    SHA256: 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce
    SHA512: f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 216B
    MD5: aee7fb654ec2ae4ad3b1d0bf3a1c0f35
    SHA1: e14dfa658c39174d0b1859fb9e0ef34c47ab01b9
    SHA256: d34b4ec539012a2f76b0aa60a3b52af55e29c402075560598649b577ff54be5b
    SHA512: 41d7be187dba9bb973c26db2f689d8587acdcdc25bc0850adddee2b6885314a06ab8298217b3d3cb593dfd541f9f6f901c1693f71a5736cd2923c7efc0fad9df

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 240B
    MD5: 3d5c47e40f0792db1df0f040383b0f13
    SHA1: 8bb6343ed13cdd174e5f4c8822d8d15c1d305ee8
    SHA256: 141abb69c01433061cbf52a7e664390ca7d89e0df6156cc6d3b186c1b0e39b8f
    SHA512: 62ec44a1303f0708ab24569c48e46c469fd95c731756016989585ad7b64a638b54fdd0b69dc75811e91eab828300fe657cf3dbe1a6fd10aab3325034675fad5f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 1KB
    MD5: 3cac35644a446acc599dbc21708eea83
    SHA1: d7b1481b505fe6954308bcb582cdb6e33e5d645a
    SHA256: f1f624036a753d8003376d92f4f4b4ca50875002a9dd52638bc862ff9ba20442
    SHA512: 6aa39995e2513cc10d28b07edf66e92fd1f124d9fdbebb21af841688b7a0dddf14a368c56691d3285e90753f4349f6ba428004b9ef9b82987abb91b2b0657b15

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: b5d9806ad3fab7345cf811629955ce5a
    SHA1: dfefabbbfe806e82cd40c4365aacb56d7a86b92d
    SHA256: 78f6e01810eee3f0ef0af2f5dea669b3cad3a40e2df24dbe83054d0660f022cc
    SHA512: c172cf254b8ff899e3aaf50d2d2bc0a801c38a89c4635e4c34586b91aac73d0e38dff1de3b6eccb3091c9d41703bd6813039fdb984826a57d432b6e0d9f6bbb1

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 361bb466ed1cabdfa05bbe82166d421e
    SHA1: c755de3f15516e278bbc10742e6f1f0e03294d8d
    SHA256: 17f7b20316e6aa8c867a2430e4822c9ddfffebd1a34cc72e6933e02f822c94cd
    SHA512: 4fd8ec96c889770031ac32f2b8c8c90e6f09955b8071341961d026b13ef9ac5eeb10e9685aa8b770121481061d7e64667d18ce554a57e3046cd768dc56f40a7e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 448684027dcd3200f885dc23b46cff1f
    SHA1: b5bf9bf9190efbe9909cd6b078e534f9165d85db
    SHA256: dd6fad51b360e66bf768815d7c714f653d186133a327ab6a6b37599260d38e05
    SHA512: 00703b83ee84dcc6c2a63f241815e0e5e8e7e0d58b71ec77a36362eeddb026d77078231e36ab818a82c4344a9b4945342e012d57bb116ec3208ac6a4d990c961

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: b119331278ddb5ab0b9f63762aefbbaa
    SHA1: c9dd788cc49f1f69080d648bb9137972b9528364
    SHA256: 089b0f298bacb8fe7bbe39fe14ca15ec43cdcb607924edf049cf11e91ba1ae12
    SHA512: 06b53802c475214a56632118a133649f2f01feaf7a05ce45de24c51a6705ffbd1e8a71cf0b30d04d05770e487307393183a293b86ded6adf9a9fe2bd8fedc4ee

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: ce1f7c65f52ee0cae960add11b6be4fa
    SHA1: a1380f3e40014332ab026a3d0f4bf42bd5e751a6
    SHA256: f9d28929eff3e631aabe27da821cb2854a781e54a921ab4220d7852b09a86b0b
    SHA512: d0cb3e74577da7b0995993d866c5899a411954664e39c87df30832afb993e85970f9e6ce81637cdc7c4e5c863d515ecb4c4facfba8e6a5a717dd9af85903f5cc