Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-06-2024 01:11

General

  • Target

    a34f31500fdbb10c3d32d1746fb8480c_JaffaCakes118.html

  • Size

    19KB

  • MD5

    a34f31500fdbb10c3d32d1746fb8480c

  • SHA1

    2590ebf3796a24e60d07d60a04723b7dbbc06908

  • SHA256

    b359b7efd3ddc34ba83b768b0ae25b9173e8760f2cb69921cc6822987556f864

  • SHA512

    ee5f1bae3928450f672c17ff62c2aaabef4cf0de521b943369f1129a6bfaf1c7ffd43135334fa10985b529fe2859aaeee29572cf7b0d95c237e3a97ba189d287

  • SSDEEP

    384:SsurcxRYDNeB4feFsurcxRYDNeBxC8PurcxRYDNeBSiFi8E:SNDQ4feFNDQA8GDQ70T

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a34f31500fdbb10c3d32d1746fb8480c_JaffaCakes118.html
    1⤵
      PID:3212
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4040,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:1
      1⤵
        PID:1648
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3860,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:1
        1⤵
          PID:2188
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5336,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:1
          1⤵
            PID:2516
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5360,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
            1⤵
              PID:3324
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5500,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:8
              1⤵
                PID:4056
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6072,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:1
                1⤵
                  PID:4824
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5524,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
                  1⤵
                    PID:864
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                    1⤵
                    • Enumerates system info in registry
                    • Modifies data under HKEY_USERS
                    • Modifies registry class
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of WriteProcessMemory
                    PID:3012
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffca7cc4ef8,0x7ffca7cc4f04,0x7ffca7cc4f10
                      2⤵
                        PID:4112
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2308,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:2
                        2⤵
                          PID:3320
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1876,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=3356 /prefetch:3
                          2⤵
                            PID:1204
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2408,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:8
                            2⤵
                              PID:4612
                            • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4416,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
                              2⤵
                                PID:460
                              • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4416,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
                                2⤵
                                  PID:4968
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4648,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:1
                                  2⤵
                                    PID:2876
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=4888,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:8
                                    2⤵
                                      PID:1912
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5004,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8
                                      2⤵
                                        PID:1556
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5476,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:1
                                        2⤵
                                          PID:1496
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5544,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:1
                                          2⤵
                                            PID:1368
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5524,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:1
                                            2⤵
                                              PID:2888
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=564,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8
                                              2⤵
                                                PID:3616
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4504,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8
                                                2⤵
                                                  PID:1616
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5368,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8
                                                  2⤵
                                                    PID:4372
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
                                                  1⤵
                                                    PID:2216

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                    Filesize

                                                    2B

                                                    MD5

                                                    99914b932bd37a50b983c5e7c90ae93b

                                                    SHA1

                                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                    SHA256

                                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                    SHA512

                                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                    Filesize

                                                    2B

                                                    MD5

                                                    d751713988987e9331980363e24189ce

                                                    SHA1

                                                    97d170e1550eee4afc0af065b78cda302a97674c

                                                    SHA256

                                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                    SHA512

                                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                    Filesize

                                                    40B

                                                    MD5

                                                    20d4b8fa017a12a108c87f540836e250

                                                    SHA1

                                                    1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                    SHA256

                                                    6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                    SHA512

                                                    507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    10KB

                                                    MD5

                                                    802d5def40ee311871642a281649c98e

                                                    SHA1

                                                    0b5fd3ae18f1633f628a5d53c850bb756968bf16

                                                    SHA256

                                                    3ba91af161d6eb2a84d788a3c7c28ff91796ce66454340267dd376de7a67e49c

                                                    SHA512

                                                    13b6a94ea79b6bce78a53e7c602414363e789ce50c49b822dfc5e6062852ba6ddcab20133d9b8b7c8b3474e31062a4b2a52a75826387d4dea740f47e95c1c5ee

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    58KB

                                                    MD5

                                                    ab197a952ff3d123ebb99870690270f9

                                                    SHA1

                                                    fb4cdbece9d821658fbe5fcbf92cf4290d2c61ee

                                                    SHA256

                                                    4ecc07cfea6e9998f180347ce812df3c24d3fbe216450804bd1ec59b7a4a81e3

                                                    SHA512

                                                    19b4918d3c9d3a4df91419dba1680a901f6745876c0787ef29c4f13ef0f5a7899b0bee67931f1db09a60bb678663c0b8fb5dcde0cface7b374f62e9b8c56428c