Analysis

  • max time kernel
    120s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/06/2024, 05:00

General

  • Target

    a3e672e2d473b6fb5d53cb04b5ab56a8_JaffaCakes118.html

  • Size

    115KB

  • MD5

    a3e672e2d473b6fb5d53cb04b5ab56a8

  • SHA1

    2f02f2b740808a7eaddc2a6c107e535396c3f9f0

  • SHA256

    7213d178c20989604c3c3828e3fbeba91c0707218dcf8f05920fd9600142fb96

  • SHA512

    e2e68dbdd1c537824e3d9eb30abfba82b97e83ff78b4f9d475f24c9f582ff151c8cbbad12538db64dc6e4b1c4f914ff92901ffc32cae7a996906a24580844a6f

  • SSDEEP

    1536:jAi9PBvVQk/7Hd95r8Dtlq8ptx6O80tGN/8mtoA8Ita38+tfN8vtUu8rtMC8XtDL:jA2PBvmQcP+

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e672e2d473b6fb5d53cb04b5ab56a8_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4eee46f8,0x7ffd4eee4708,0x7ffd4eee4718
      2⤵
        PID:4176
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,17738384748319417744,2550417283276718371,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
        2⤵
          PID:2752
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,17738384748319417744,2550417283276718371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3932
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,17738384748319417744,2550417283276718371,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
          2⤵
            PID:4632
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17738384748319417744,2550417283276718371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:512
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17738384748319417744,2550417283276718371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
              2⤵
                PID:4956
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,17738384748319417744,2550417283276718371,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
                2⤵
                  PID:852
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4072
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:4644

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                    Filesize

                    152B

                    MD5

                    dabfafd78687947a9de64dd5b776d25f

                    SHA1

                    16084c74980dbad713f9d332091985808b436dea

                    SHA256

                    c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

                    SHA512

                    dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                    Filesize

                    152B

                    MD5

                    c39b3aa574c0c938c80eb263bb450311

                    SHA1

                    f4d11275b63f4f906be7a55ec6ca050c62c18c88

                    SHA256

                    66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

                    SHA512

                    eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                    Filesize

                    6KB

                    MD5

                    aad3d9cf1fc6398842a9081f010fbd74

                    SHA1

                    b8b7a00643450afd122aeee397bb5890483cc6a1

                    SHA256

                    daaed026583275b2d9fa666de87ca5b75efa2c77bdbb568a26e327fe0ea5b331

                    SHA512

                    0f3b12a5b8edf690c70297d90951281f83b1c4c2fdfea5b51c0accd6db703fe9ae6beee11eae9d7027c1fa785a72322c00fdf162c6ade5a624b969dbfb405734

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\df12fa77-a9b2-46f8-a936-378eabd21c19.tmp

                    Filesize

                    6KB

                    MD5

                    5d3d2df3d13802a4ce6658947ec37b4a

                    SHA1

                    3b0c1b7ac2f3d61f145264a04c4934977c29a3f6

                    SHA256

                    cd29abbde40183935bf11e7baac038a3000b966857599591815ae56b003f3bdf

                    SHA512

                    8853d4f2cc1d7e7800e60d03872bef2d09758bc86815925cb22e414989e71477d6bd982757bd136a7130922261c3073218be15c35438d2b0c3039dabb748ba1a

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                    Filesize

                    11KB

                    MD5

                    cbc39dd6bc1aa0b8a478385c094b5fd1

                    SHA1

                    e43186d793315f4af92561987da1bf2dbbb94e64

                    SHA256

                    8f957114249e223f98ff36c18e75ce5acf1735efcf6fc876f20c15296482921b

                    SHA512

                    d1a8474d0d5b8caab4a6f0b5d9a97559ef996b403a57ea2b1a4b3df51beea308e81e3e717da22039ea70109db026f1ed02f6d5fc519328246793e4e4b2ccfb4c