Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 00:19

General

  • Target

    a31cdd7e6e8c308fe74d6b7deb9c6a66_JaffaCakes118.html

  • Size

    152KB

  • MD5

    a31cdd7e6e8c308fe74d6b7deb9c6a66

  • SHA1

    0c10cce38d31a0d0ec74a1d68387642dba4fb442

  • SHA256

    a4ff49a95dbcb5f6bc3089fae90acb539536fd7285efc2a63657c4eed39f0fb7

  • SHA512

    0f74f1e1f47dff40bb45719b951c167004a4da5f834686d364314ea0330648a32363aef6cbb944d4e682e359518d1170aff09bff27279ed9ce1652c0fa26f75b

  • SSDEEP

    3072:i2fu3ixhXkaEcQHs6KM7nCts1nwoKKIWWsOv7zjsJkh6loGwtNm:nfu3ixhXkaEcQHs6KM7nCtpKIS5om

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a31cdd7e6e8c308fe74d6b7deb9c6a66_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3536
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba3b46f8,0x7ffeba3b4708,0x7ffeba3b4718
      2⤵
      PID:3560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2368 /prefetch:2
      2⤵
      PID:3952
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1624
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
      2⤵
      PID:452
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
      2⤵
      PID:1844
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      2⤵
      PID:2084
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
      2⤵
      PID:2428
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
      2⤵
      PID:2868
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
      2⤵
      PID:4432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
      2⤵
      PID:4972
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
      2⤵
      PID:4208
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5192 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1992
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
      2⤵
      PID:5080
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1600
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
      2⤵
      PID:4872
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
      2⤵
      PID:5084
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
      2⤵
      PID:4788
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
      2⤵
      PID:744
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2684
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:888
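Reading this tree, the point to settle is whether the browser did anything beyond rendering the submitted HTML: every child of msedge.exe is a Chromium helper (renderers, GPU, network and storage utilities, crashpad, identity_helper.exe), the two CompPkgSrv.exe entries are top-level COM activations unrelated to the sample, and the flagged signatures on PID 3536 (WriteProcessMemory, NtCreateUserProcessBlockNonMicrosoftBinary, process enumeration) are what the Chromium browser process does when it spawns and sandboxes its children. The Python below is an added example, not part of the report or of any sandbox vendor's tooling: it parses Chromium-style command lines like the ones above, records each process's role and any sandbox-weakening flag, and flags a non-browser binary launched under the browser. PROCESSES is a subset of the tree above with the long --gpu-preferences blob and crashpad annotations left out; the final powershell.exe entry is constructed to show what a finding looks like, and EXPECTED_HELPERS and SANDBOX_WEAKENING are this example's own assumptions rather than a published rule set.

```python
"""Classify the children a browser spawned when it opened a submitted HTML file,
from the Chromium-style command lines in a sandbox process tree.

Added example; not part of the report. PROCESSES copies a subset of the tree
above (same PIDs and flags, long blobs omitted); the last entry is CONSTRUCTED.
EXPECTED_HELPERS and SANDBOX_WEAKENING are this example's own assumptions.
"""
import shlex
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    depth: int      # 1 = top-level ("1⤵" in the report), 2 = child of the last depth-1 entry
    cmdline: str


# Binaries this example accepts as normal children of msedge.exe (assumption).
EXPECTED_HELPERS = {"msedge.exe", "identity_helper.exe"}

# Flags that switch a Chromium sandbox off. Each has a benign explanation for
# some process types (the GPU process relaunches with --disable-gpu-sandbox
# after --use-gl=disabled fallback; the network service ran unsandboxed by
# default in this Edge build), so they are recorded per process, not scored.
SANDBOX_WEAKENING = {"--no-sandbox", "--disable-gpu-sandbox", "--service-sandbox-type=none"}


def parse_cmdline(cmd: str):
    """Split a Windows command line into (exe basename, {flag: value}, positionals).

    shlex in non-POSIX mode keeps a quoted path with spaces as one token and does
    not treat backslashes as escapes; the surrounding quotes are stripped here.
    Repeated keys (e.g. several --annotation=) keep the last value.
    """
    tokens = [t.strip('"') for t in shlex.split(cmd, posix=False)]
    exe = tokens[0].rsplit("\\", 1)[-1].lower()
    flags, positional = {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok.partition("=")
            flags[key] = value
        elif tok.startswith("/"):                 # /prefetch:N style switches
            key, _, value = tok.partition(":")
            flags[key] = value
        else:
            positional.append(tok)
    return exe, flags, positional


def role_of(exe: str, flags: dict) -> str:
    """Chromium process role: 'browser' for the parent, else --type plus utility sub-type."""
    if exe not in EXPECTED_HELPERS:
        return "non-chromium"
    role = flags.get("--type", "browser")
    sub = flags.get("--utility-sub-type")
    return f"{role}:{sub}" if sub else role


def triage(procs):
    """Walk the tree in report order; return one record per process with any findings."""
    last_at_depth, records = {}, []
    for p in procs:
        last_at_depth[p.depth] = p
        parent = last_at_depth.get(p.depth - 1)
        exe, flags, positional = parse_cmdline(p.cmdline)
        raw_flags = {k if v == "" else f"{k}={v}" for k, v in flags.items()}
        rec = {
            "pid": p.pid,
            "exe": exe,
            "role": role_of(exe, flags),
            "parent_pid": parent.pid if parent else None,
            # --single-argument <path> is how the browser was handed the sample.
            "opened": positional[-1] if "--single-argument" in flags and positional else None,
            "sandbox_flags": sorted(raw_flags & SANDBOX_WEAKENING),
            "findings": [],
        }
        if parent is not None:
            pexe = parse_cmdline(parent.cmdline)[0]
            if pexe in EXPECTED_HELPERS and exe not in EXPECTED_HELPERS:
                rec["findings"].append(f"non-browser binary {exe} spawned by {pexe}")
        records.append(rec)
    return records


# Subset of the report's process tree (same PIDs and flags; blobs omitted),
# plus one CONSTRUCTED child that must never appear under a browser.
PROCESSES = [
    Proc(3536, 1, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a31cdd7e6e8c308fe74d6b7deb9c6a66_JaffaCakes118.html'),
    Proc(3560, 2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad"'),
    Proc(3952, 2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --mojo-platform-channel-handle=2368 /prefetch:2'),
    Proc(1624, 2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3'),
    Proc(1844, 2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1'),
    Proc(1992, 2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=5192 /prefetch:2'),
    Proc(5080, 2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2352,3130935644648078695,16929877181773858718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8'),
    # CONSTRUCTED: not in the report; a shell spawned by the browser is the finding this checks for.
    Proc(9999, 2, r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -enc QQBBAEEAQQA='),
    Proc(2684, 1, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]


if __name__ == "__main__":
    for rec in triage(PROCESSES):
        mark = "!!" if rec["findings"] else "  "
        print(f'{mark} {rec["pid"]:>5} {rec["role"]:<45} {rec["exe"]:<20} {rec["sandbox_flags"]} {rec["findings"]}')
```

Run as-is, every process from the report comes back with an empty findings list and the only record marked `!!` is the constructed powershell.exe entry; the sandbox-weakening flags on the relaunched GPU process and the two unsandboxed utility services are listed but not treated as findings on their own.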

Network

MITRE ATT&CK Enterprise v15

Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      dabfafd78687947a9de64dd5b776d25f

                                      SHA1

                                      16084c74980dbad713f9d332091985808b436dea

                                      SHA256

                                      c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

                                      SHA512

                                      dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      c39b3aa574c0c938c80eb263bb450311

                                      SHA1

                                      f4d11275b63f4f906be7a55ec6ca050c62c18c88

                                      SHA256

                                      66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

                                      SHA512

                                      eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2b29de6e-d5e6-4edb-8827-e6bcfd09475a.tmp

                                      Filesize

                                      705B

                                      MD5

                                      685c2a921467f932d28497d1e89c2383

                                      SHA1

                                      306be6066309a708eeee8d5c2b094f542c13f83f

                                      SHA256

                                      be216d1577fed51f7fecb57ddea6b1f3d5113338a84109dfcdf0f7abc38a7546

                                      SHA512

                                      396380f5c7ed3574552c6c01da2aed32a7739c8e14d8e46a5fe89b4c8ab4d73fcc329c22a535b6eacf30570330c822204bfb2ae6bf7f27d8755c4c053a53c565

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

                                      Filesize

                                      23KB

                                      MD5

                                      e1c71f7c04be834f5587230db2ad24b3

                                      SHA1

                                      f3bab9cb99d9f343bf7ed3981aaa7450515d2424

                                      SHA256

                                      9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

                                      SHA512

                                      205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      168B

                                      MD5

                                      df5c967db6616f0323e96a51e5cba05a

                                      SHA1

                                      1249b924be412a30f917c6ffa7a6578fa55d2f0a

                                      SHA256

                                      70cee5a335246aeeb63ea1237629d3203aedaeff5c8aeb0b555f0e4416bd1458

                                      SHA512

                                      b82e56d469bbbd3731cc488caec6cfe4c2548a10d53dd8462cdd57c2557dec0f6eea0f7e6b72230d4fa5c5ad57e75722c63b73dfaadfbc4a4591576fd6ba626d

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      192B

                                      MD5

                                      7227263f2a6369c15106d8ef66f2c7b4

                                      SHA1

                                      a5ccd98e92f8b7d8e0b4ca913aad39bd378c19a3

                                      SHA256

                                      b2d4a1e731edc0d413e9972b2cc9fa4ea44ebb388a873c6908dfd8cc6d555d0d

                                      SHA512

                                      2931132760a6e96d8fa4983b7940f03f8225f379a7e401d07b3a2b72a904a081209d50c324f5a3613c0877e09efb4084a7865c8c073a2f29e7b763ceec59e6f2

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      2KB

                                      MD5

                                      a3fc8e0a48073edfe61956858a0b54ae

                                      SHA1

                                      188fc399a29fd383717c585c3361b7a9414a352d

                                      SHA256

                                      b7c6c63759562e8521b6be506c0d3e5f49f7bd40d81b9fdc7db7b09c9fa06ed3

                                      SHA512

                                      92e648e10d9550c5316bb699aa3a13c646ee57e105c4650ee3bf14859447f07599fd54598424a2342ae1a343bfc6dd131b0c5a220a3fce4427e5d11b12ddc403

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      ae666c4cf54c6fc4070c4c27b7a2a4c6

                                      SHA1

                                      826a11f52db7196b10a41556309d5f532de8ec96

                                      SHA256

                                      67877f7e3e0f26bab06b2673143237f80a61519b0ca28838fedc02b947e0b39f

                                      SHA512

                                      8db70868e55d6c5ae09afd4d13af26f547702306e8f765a2f75621030a0d3a08ec02f7a60d89d69769569189fd5efed1392b51ad125772af167511f383bb7f69

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      cd61d0ca1f58b8b258138b6d3f47bc03

                                      SHA1

                                      bdda137e51344b293d248527b8b1ea0377a70c0d

                                      SHA256

                                      8c6eed39b88a427743ff2aa9d8f4b8e09563b3e72799d866c2ec44a52778c398

                                      SHA512

                                      60d272a79b714aab4382ff8f3b262ee2df4296efe8ad73a68a4850f7bee7410b6b61b693a14a3a18a000ecf5a06328cdd2198f470f9b689be1ba0142b1ac6ecb

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      7KB

                                      MD5

                                      07d3afe1d4768ea804762197d761081e

                                      SHA1

                                      5b49f6d79086e7c0603888a3df5bead13f980cdd

                                      SHA256

                                      d2ff00c8f4d4ee5d5aa11498721d9df39a309529d4029eb54f6fcbe42484a7fa

                                      SHA512

                                      4de61f9f98653a0db466e9dc5e7024109f01823c3bd2de9ae202cd4e237a826e4ec60be3d5a34ed693ccfa57f127d7093efb8c9e3b3d93ecadf282b52ce6d51a

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      705B

                                      MD5

                                      f7454d0ecd6705294e56eb18a5a615a0

                                      SHA1

                                      f830f3728532dad8dc5afa568a6278f78cdfd917

                                      SHA256

                                      e40b4855c5a6446e107cf7cb89cd9e9b5af107c8af19fc1b257a84ec6ac6ef80

                                      SHA512

                                      4ef1da314c10ba4b0750006b6644038d193bb536db98aed92688e496651fcaf53eeeba67b6b11fed284f3849bc43fe7991b19c9fd1edaeec1855261fcdaf6315

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf0a.TMP

                                      Filesize

                                      371B

                                      MD5

                                      b6ba1536921d41c0d8940c9be9a21f07

                                      SHA1

                                      c684a0107e3dcb4308df213a9dbac67513b09592

                                      SHA256

                                      ce880b3df2f0790539fe62471e11e1eb75e5415c2d12a8b2e66bc9bbd755864b

                                      SHA512

                                      73aa043e7c49aca48c4b60463abb83467bd44eef69d5b4ef546b73536c9b2659fb05f8884dc8a3e82a6d9a28e262d39303cfd4dc93ce5e81879aaf724b67f0d1

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      11KB

                                      MD5

                                      7cb46893783ff01bde2f1a571bf33fb2

                                      SHA1

                                      781138f66f1ab7246417bb7176a79ac1eb846ad3

                                      SHA256

                                      941a7e2f6df842c56581edddeb5eee684c572f9d170fb974062fce7eed3050af

                                      SHA512

                                      286eb318ac7fe4b84bde1dd0ba4e31d2e13fd85cfe0dec4495341304e46921198a8ae217ba9e1f18f00a5a889ebc3afc76d792ee0af8221277d2da9ae1de145f