Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 04:38

General

  • Target

    a3d83fddfd88d60a19d3a57df5a481e5_JaffaCakes118.html

  • Size

    418KB

  • MD5

    a3d83fddfd88d60a19d3a57df5a481e5

  • SHA1

    9e72a788317a9c7b5c0553c13e8535f297cc96f2

  • SHA256

    21228925e3b15ff741d62a1ae1c56b9ea1223f98747d4b3eec500ed7dee17565

  • SHA512

    e2272757423a85684d173e1b28f9e97f28fbd9a4b6f8310fc25d000a2e148979c68ff257b9fc4ecb3984ecc65999b8c15703da1c3c7b44b20eb20444fef70328

  • SSDEEP

    1536:Sjyn+KgqvdhHWfc89wV7iHR7Z5TfltWQyn1qsYcZC8nI7rAWgPhz0+PPSmW/LPtN:Sj9gdwFtiO8mkm+Cc4

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d83fddfd88d60a19d3a57df5a481e5_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3528
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd15c846f8,0x7ffd15c84708,0x7ffd15c84718
      2⤵
      PID:2856
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
      2⤵
      PID:2676
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3012
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
      2⤵
      PID:4184
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      2⤵
      PID:2072
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      2⤵
      PID:1844
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
      2⤵
      PID:3980
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
      2⤵
      PID:716
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
      2⤵
      PID:400
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4064
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2136
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1768

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 81e892ca5c5683efdf9135fe0f2adb15
    SHA1: 39159b30226d98a465ece1da28dc87088b20ecad
    SHA256: 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
    SHA512: c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 56067634f68231081c4bd5bdbfcc202f
    SHA1: 5582776da6ffc75bb0973840fc3d15598bc09eb1
    SHA256: 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
    SHA512: c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 72B
    MD5: 598f130ed4569499d76580afb734e1eb
    SHA1: eb6cc813bf48eb0a49e9442ef73f305fa4b0690e
    SHA256: 189a6ad190d57623ba589f453c9f33d0ed4a330774fcdaf7b8fa88141c973229
    SHA512: afe5fae2e793d1574f622430daeb5b2223cace6db3a61dc45211dd58a817b634085ee4b2c1b6443f3ff6bd29bb4b024150f0162424c49cfa3aebf7f469771cb9

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 531B
    MD5: 3b7da619b41a8641492c3c300091328f
    SHA1: 03dc7d3d3552446ccaf7b7d78445b8d3917de06c
    SHA256: 4e25587ac7c9b5ce393698b6e88c4d2f0f9f3d1afcadf987d9528e8ef378cef3
    SHA512: e5e03e94947f116e1374e84499358f838d196e81118fc618bf36f05f352f1b800e46b6fee4a7bab943ec5c3f409a78d1b9d8a02d52c35ad0a61f47f5d553cc41

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 2KB
    MD5: cce690aa1708d0de794d51f2c1063f1d
    SHA1: 0ad5b226c44122dae6fa0a23130aa5e1905ed7b5
    SHA256: 3a8f48433d39b7a1b0707cebde2ccfdcf92b570de798b0a75e204c43aead516e
    SHA512: 328ace6588051ebf1ce3d258424cd224ba92a399a9ed12316f3a0b8da39fe9fa1ffbe9fd23e7b86279e455464c0b1eb59eea6c35e89bad9be425c86328cc5abd

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 2ca6ce0977bc021885c88114290211f2
    SHA1: 1283b556946b22f368d45bcb1956f43e40713b06
    SHA256: f7caadde76e77bf7abb44bb2855b928284b1260ec33000d6ff01c42ca2bc3bd9
    SHA512: 64c72443b1164954a13821de4e6513eccdbbf57a403266ca60873b345cee1120629045f77cf715211041f80e6efcc18a708329dffaaecad7d0d27181378c230d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 6ae5de7efb594f7ec82aea145ac758c1
    SHA1: 760f61958dcf0d2e22eb310d13237561112a000c
    SHA256: af1d583dd44c0b8a9536690cd1b18fa49ea143f48de9708586ab81ca9aa259bb
    SHA512: 44b2e04289ea3b8b4a1e2b3d56ac91c0db61312429fa7e85eeb83653defdabd663a548901bca63bf9c1f777fd987e224049abb4f9e16a7531f34eaf055c4a1fc

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 18623ab92b0db26cd1160f58ad2ed3f8
    SHA1: 9a61896e114c207d2fd077c698b983d495fbe7d0
    SHA256: 93e4f20a089047a0bff9f68a3d156d7a3345bcf8f14a6ca9311b6f58a53784d1
    SHA512: de56209a599c5dee8f063798c2abb631b7c5b99e7e5773e36647ec9ce1a808099458d777f26a50a44b529fb6d93caa0c7081dcbdd455cdd74c319afaacfa2938

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 1KB
    MD5: 3064789aaef81ac5fcde98c0e883e8aa
    SHA1: 28987a132026f15096fe5aac8201ab6772fc1e0c
    SHA256: 719e5a025bcac9ac3ef3cea7b4527fa06c64b55d5f883d217807898993669ebb
    SHA512: cf5f62159e2743a31540d7dd641a06f0cabba2dc56679c6a6f67c266fa59411e6435f3fc1ae194db0b260410fa34cf0a4fe3ac288174985ebef2191544140c29

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 1KB
    MD5: 8ffc263a3a53175c7cc82c7c5374268e
    SHA1: 46851e7cbab14064efc09b95fbe5bc35728b4d37
    SHA256: ddf0160eabb1972c177c801b99ca54ed8a14a09d2377330ca10f76fcd05d43c6
    SHA512: 0498dac613218dee08ea4ade673f1ea869f6a3ac6262e9a04a33bd185861e99f7999cf3525f5bc3a12a8af51ad5aec31beb7159da16179cc6ca106ec40b3ece4

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 538B
    MD5: 617cdf5f1c6b548924d6ab3def2e0e68
    SHA1: 8b6ab88f26118b4f630fe50981e9ea58b3666c30
    SHA256: 5f91d9cabd4799e7ae5137282c075b83515d6dfb4a442435fa44bfe925f1edcc
    SHA512: 604d7fab1e0cdee4b70c3399cc4127daf0731f39673141d08deafd25060ffe04ada8272f13daf2744886e15befe22c3582eb8ccf172eaf122f263ceafefcdd20

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 1KB
    MD5: e85ea8103b1450cdb0f3fd3f1a070acd
    SHA1: 5dfd1dec9615dd05100a4c0e731f66a41a823303
    SHA256: 18354690a68e40bb916b6007864f98b43da13c0a324814bad4c88ba7fc3c28ed
    SHA512: 7fb3af73913f36bc45f11c83d48f09bf1a9fd46ccd170fb285b2ff400731751054555162c8514af00921416b2747bf62c0c44ad0e45d842f9aff62b2f2cc5625

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 2KB
    MD5: 43429180acfa92b3ac7de04c11a8fe61
    SHA1: a9a80ba6c494f13280ee8aada5a69a3c67c064f8
    SHA256: e29754a0826b2396f14680463534828caadb2a066cf9c55059a9193fcaa12241
    SHA512: a65af025f57015672aab2ad2b8c290c091714923e5c5616d18ebaf18a273a0b1d90691d3c2f22cd776ba0f16c46fdcc0547e3d649a4c470fa51459eb72a8d595

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f1e.TMP
    Filesize: 203B
    MD5: d409f3ec7e48bdbcfb4b7c5a0d7fda1f
    SHA1: 8a7fd1bc32d60494d147af3566423d23ff2689b5
    SHA256: 695fb1b8ab3868fb4fd0ff8da95811be61e13de24bbdd8c61b3cb84f63da4033
    SHA512: a26b1eb0df07189776c60fd113c4804345db8e06b39ee8f862903c1b785e6ccb066f5ee40644640d42c5926e6f18dc7615fc500f928c5875d33523f4c0c1840d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: c657c0b6366f70463de2f7cb0cb9634f
    SHA1: 03847ad429a092cb2c41aef9ce398367fe89ddae
    SHA256: 0f26757b23efe28b01d08238ae43d673599d18bded28e00c93734361897751ca
    SHA512: 94d1596cd26ece3ba07d7128a3d5f8ccb7038988dc71978cf663165e1b8de0590c1c5f0f88cf4500fd525a718c8479c77c3ff3c4bccc821291a0b1440901f5b9