Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2024, 18:49

General

  • Target

    a1d42859a8dc074bb61f5b68bb1588d7_JaffaCakes118.html

  • Size

    59KB

  • MD5

    a1d42859a8dc074bb61f5b68bb1588d7

  • SHA1

    7878954030554e3675e7f3d66a8bc4ae402538a0

  • SHA256

    50dfea6f5d16dfeb39958a9d7e1e70c50015db278b805d9e597b984a9f0da0b6

  • SHA512

    ce0cddf6f27b553124d7b2b531f1ac55ede53bf59978b072bacba513e348c872a5d3ed408cd36e28eea83f5a4873a3af74a33c304bcd8cb1e203f93bc00aa50e

  • SSDEEP

    768:uHO9m/uKcEzJcE2+rc2ZEczojBA3GBeNjJ3sKxXQrhFUn9sK0fcFnQtQU9fLNgVI:uu9clOYcjBA3GBeNjJ3sK2FFPKWAcjqy

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d42859a8dc074bb61f5b68bb1588d7_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe706746f8,0x7ffe70674708,0x7ffe70674718
      2⤵
      PID:5016
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
      2⤵
      PID:3488
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4308
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
      2⤵
      PID:4128
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      2⤵
      PID:232
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      2⤵
      PID:2896
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
      2⤵
      PID:2276
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
      2⤵
      PID:2672
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
      2⤵
      PID:3640
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 /prefetch:8
      2⤵
      PID:836
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4812
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
      2⤵
      PID:2060
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
      2⤵
      PID:2948
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
      2⤵
      PID:2908
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
      2⤵
      PID:4748
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5488 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4620
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3616
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3404

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 81e892ca5c5683efdf9135fe0f2adb15
    SHA1: 39159b30226d98a465ece1da28dc87088b20ecad
    SHA256: 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
    SHA512: c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 56067634f68231081c4bd5bdbfcc202f
    SHA1: 5582776da6ffc75bb0973840fc3d15598bc09eb1
    SHA256: 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
    SHA512: c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 312B
    MD5: 12aa42485e3a0b72293dd9809bea4639
    SHA1: 771d5e3a9ff52241208f0934b238d4453e3081b9
    SHA256: c0d6ff6f05bbcf75d453614f57430872c8311908b8d1fbbee557ea9b7ef20214
    SHA512: 48c7b128c5b860fba8b8db8a85b8c856819d1c3206355da57fd3bd6638f6654f91e6e98528251f5c66798efab9c5b68ab71cf44fc8b90253dd72a82e8ef1e5a0
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 96B
    MD5: 77caf65b00b091bf3d2e3d2783c9b5f5
    SHA1: c5e023c5716f098d833247741033aaa690378871
    SHA256: fdacc1d08d2470e63fe0c38fc2a9cac2cd5b7fb1aa366a4046fafca038352b8d
    SHA512: 53d6acfeab8224f2dae8e67091be712c78438a8b4565ae4fe938c1f3efdf35d2690f7ae5469416be4c6ac9c2838b38074b2ca762d9505d1bd52d1a91635b5b83
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 2KB
    MD5: cc8789c3b26b9179594ac5022bf36c73
    SHA1: 8d09e84381f0d479d1f85b9a0bdcc81b350f0a6d
    SHA256: f62697417731a9e633acbcfc7ebd3eed25fc9267a55817cd824a9c96d0573c6e
    SHA512: c8546049f39d144a24d6fa6108059d0b27f3fec02523f70dc8630265ff4b59244762c31d61c0d20bb504949768050119b9c9cf31df94983795454e0666a2daa6
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 6d6d0030e0c4ace5f3d2cb06dc4545d3
    SHA1: 8bd8a145b51fee389ace41a24de718935f06b344
    SHA256: de88bc92c0e08eeaff1933887d0313feab1f00943b0275b6d237dd35ec0cc4cf
    SHA512: 31798fa69a6f28e38cc681f0150b5f8fe3d831005b3cb94239f116c8920af13a632191918ffce820b9cc646c35145e62dddb3e91b9b7c4a0aa58e163643c1a47
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: ac98fb7ec6085ef34b0f1ff9d02a2691
    SHA1: 7fd019afc1b186b0764072e27a5b899b2d716d03
    SHA256: a43180113b0f1f7f8c26235f08c368af479207f8762f659583ea78b90b32ff90
    SHA512: aa1133fcc09546e6132e8d2de16056694d9387d029a22cf17b76ddca4923cd09a4c31f73adea547422e027e86c7968f6c21cd2f25a3806e7f2fd4f536b6f7d00
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: b47b84f38f396c1e8f453304d8bcf44c
    SHA1: 11e2f7dfb7c792f756bbdeb9d51f88e184961502
    SHA256: 5b9808fb91983b85a0f6ac0da5962784e17bd2f9767fa17ef86ef10a58d33fbe
    SHA512: 3e6da5cbfff2a0a4d1eb2532e2823d9ce53c54e05c8ea72734aef4f9166eaa533b1312750b0097992952135f5ea8710ea87ea3121fbbb37ebc4a96cc9b49489b
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 8de0d42725be9442a255227f2a63466a
    SHA1: 34cf19feddca948504c98cbc54e24d08aafb799b
    SHA256: 6fc9fc0e08bfc73015144795daa62d5e4bf8939d01b14a973c45d0e0b01551b4
    SHA512: 25cd8fa5599a9d56cdeec3373a99f3287c2dc802dac33a1d472505527133300a6edda95f61bcc161386184a85a0f354a6435ae11d54bc334b49735b68a8a2ec5
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 706B
    MD5: 90f37b9e8cbed1a58afac27810637b23
    SHA1: cb554fcd181f34658a918f78165b2b8c7194d84d
    SHA256: b1edc47f43e7f05014c2ae179f7912c2048160873ab9d79649994e89d44c3651
    SHA512: 91b8f96a467f6041415767404af954800d3fe6c0b48638a481eaa1b89ae908ea74722ccf5d3061a9bd6dea76ec207780d7eb9b2a333c0c66ca5f3412f5e3c530
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bbed.TMP
    Filesize: 538B
    MD5: 5ae2c0b12410de62884d2567e562263f
    SHA1: e3d80ea5539643cfcee80215be53d99f666dba09
    SHA256: 922a30c564dc803327f57a11521850dceccc8f2130a1955c2331b3509f345cc2
    SHA512: 7782022e770f2467199b8736ce2263a7906b58ea1d7b529dde1daf780f006250804a6a2c105a53290cb6a5a938aca16734e2f02653d70fcf130695c5e5a113a4
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: cf1640cbc576eaf098448987c25e047c
    SHA1: 693cff08a0fb02ccefce7e63f7bfbc3ba23b231b
    SHA256: 9bcf52620f100412d40aa13ce9a31d7f70325844a0912ef1c9ca832fee3798da
    SHA512: 1ae89b7eff13f3524b64e9744a4ab231af88df0aec8f3f092be31f1a2d855976663888cb7f5b9c1472e6a7bfb9f2ec7da37e57160a915fd23f5440b4830a15df