Analysis

  • max time kernel
    145s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 05:02

General

  • Target

    a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html

  • Size

    150KB

  • MD5

    a3e7a4ca9f1faf47c99a9dce98ffed31

  • SHA1

    fc397a11dac8388647884801b94caaefd25bb938

  • SHA256

    aa92d4a38b9d4350eb6f9bb43875cb40ad5256d35e16bba3e472f6dcc257207e

  • SHA512

    2d077e9a23fdd27db0d475755fae801986a46e83076b1848c6dd415d169d1c63e890b9755a9a66ee600e6fdddc87e252723c747a2fd4e263bae064de07930b74

  • SSDEEP

    3072:SFQljMgpYEelQ326Zgh1OzcQhetUzyODxs1/ivpug9EFnTVj:SFrEelQ326Zgh1OzcQhetUzyODxs1/iY

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffa9db446f8,0x7ffa9db44708,0x7ffa9db44718
      2⤵
      PID:532
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
      2⤵
      PID:4948
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3904
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
      2⤵
      PID:3096
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      2⤵
      PID:4836
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
      2⤵
      PID:3012
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
      2⤵
      PID:4600
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
      2⤵
      PID:2288
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2880
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4984
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2864
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4368

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize
    152B
    MD5
    81e892ca5c5683efdf9135fe0f2adb15
    SHA1
    39159b30226d98a465ece1da28dc87088b20ecad
    SHA256
    830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
    SHA512
    c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize
    152B
    MD5
    56067634f68231081c4bd5bdbfcc202f
    SHA1
    5582776da6ffc75bb0973840fc3d15598bc09eb1
    SHA256
    8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
    SHA512
    c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    312B
    MD5
    b7641bc4e28670ab7b0b1d24669e17f6
    SHA1
    e0d66281d26aef9accaa39864649e33419a0ae63
    SHA256
    a4acdfb618f80c9057495f42789eaec7c63fe44d6f5efd3d02dbc2bee0882afa
    SHA512
    73f0478c25854758d36b04889b6de149115b63af5a6ae1c563a404d7d4380f3f2ffeda2c7544b354e3cec7c8f62707cff6b0a6a1eefdd8fe046caa5db1041a63

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize
    111B
    MD5
    285252a2f6327d41eab203dc2f402c67
    SHA1
    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
    SHA256
    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
    SHA512
    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize
    2KB
    MD5
    737f969965830bd215fc9a058f39d829
    SHA1
    4916d75cb88b65465b499adc96d34c3d1fa80b40
    SHA256
    0f25f046eae754f250bc7adc2aefe1267c5ccba14afb7af1d32068d7e43d5cf2
    SHA512
    fbd3ba263f6daa5f6c13e7db3a906b5e04d0f2c23c35f056ad822db9a9152c1d3588d5888b190f1def5162405089b79c021c23b25d87047047c4744f88558ebe

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize
    2KB
    MD5
    9f678d9aafb509f2f9f9c54f89428596
    SHA1
    1f3b5e0a27fea834ce0078722be0bde40241b8ab
    SHA256
    6fa8c21444a546235499cfdd809729da30dfd91adf0af663b858b3f704eafe85
    SHA512
    c81ebc34400d3145c960c293ceb0e904b5eddc47e4c754377203b29ac9ddf32dae3906e47c2ea5bcf435b90bb257f09fcabbcb90599dcc3d40066f0a91bd82df

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize
    6KB
    MD5
    183b7f13c88da9521b0067e447383535
    SHA1
    c3bdbf3f84fec11b464674e1f7dd10a3eec4297d
    SHA256
    eeb24585a3dbbefe2c8eabe6eabd179fc66fc4f25fcd3a8872e6bf7506e42e64
    SHA512
    da12d6a5e18496d9d97814836570f5026694f77bd8677f1c1f6d1c6d8225a3a243b822a363ec2201145412f3467a0fbd57d4db06e794152c63108c23b8d11135

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize
    7KB
    MD5
    31fd9494b32087881f0d9f6878619d48
    SHA1
    6ec50e4b3e3c7aad3c07b0d79698ec1b00f858db
    SHA256
    387c9641eb0bd31d27615d5fbc11e4cb19e90f49f2fb1d011ba2d31e91a71008
    SHA512
    8bb04ec55a82ca78e97e82f83c9ae8c956441fd8d700e2755ea0d830ef4de2272aa1c8616cfdc321f25a4b87c7f866b7b8634fb34cff390339bffcabccf9f5b0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize
    11KB
    MD5
    b8660430ea4642397124d09c5b6112bd
    SHA1
    b9a574131855eda69fc54d413d0de7c60a7ef5b3
    SHA256
    92d9faf769b62fc8f4782e1576d6ae82051ac684013df039a949520ba0005567
    SHA512
    e441d2cd33faae5fa900116421a5105d09149d216fc320f9b8a0f51a79ec2080fde0c45b478081d92295753b214090c375fe255682db7072f785dedd027e127b