Analysis

  • max time kernel: 147s
  • max time network: 141s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 13-06-2024 07:32

General

  • Target: a4710045b2670a99123fd9842981f31b_JaffaCakes118.html
  • Size: 60KB
  • MD5: a4710045b2670a99123fd9842981f31b
  • SHA1: c68405dbaa19ab2e08ca8d7ccef913dc94a95587
  • SHA256: 3b2ef5a54283f6f9a428686a087b4aa723ad246732c5821cf5634ab0277a1d36
  • SHA512: b86af289a293624aa72e9cec308ae52878aadb83bad16a7901c61a6a778f7465961dba5e7ad787a7914eb5cfb58bb0b09d7f5188f820723777cf9966a77152c4
  • SSDEEP: 1536:7mvXvVyIoN7+dnuiWZMYm3x+9VHhaBxpVdjhv/xmIxcF9eG3ihwj:qfJEM5kjHhaXv5ng

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4400, depth 1)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4710045b2670a99123fd9842981f31b_JaffaCakes118.html
    Signatures:
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    Child processes (depth 2):
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 740)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ec6f46f8,0x7ff8ec6f4708,0x7ff8ec6f4718
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4916)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3764)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
      Signatures:
      • Suspicious behavior: EnumeratesProcesses
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4532)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3876)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1556)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2984)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4472)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
      Signatures:
      • Suspicious behavior: EnumeratesProcesses
  • C:\Windows\System32\CompPkgSrv.exe (PID 2688, depth 1)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  • C:\Windows\System32\CompPkgSrv.exe (PID 4428, depth 1)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: dabfafd78687947a9de64dd5b776d25f
    SHA1: 16084c74980dbad713f9d332091985808b436dea
    SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
    SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: c39b3aa574c0c938c80eb263bb450311
    SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
    SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
    SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 111B
    MD5: 285252a2f6327d41eab203dc2f402c67
    SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
    SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
    SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 2KB
    MD5: 5b2e8ea010d72d7d81d4cc1cf75fbcf0
    SHA1: 5c1e7f484ea94c337f30ba07d42ee6c62d578a0f
    SHA256: 583fee45464b03de1c16ee11d2a7e94f33183ef5129c936f49584d39fbef25dc
    SHA512: f24f9a81bf9fdf4847ea02f6f84fde6d4d6f58131ec3dd3c56c06f361a4838a2666cce9981c0509d9919d2fad6f6aaeebb01d0aed6d8c1e487c2d290bcff3e95

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 111B
    MD5: 807419ca9a4734feaf8d8563a003b048
    SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
    SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
    SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: fce1ef220bc019ac2abd1a97529ab92f
    SHA1: f1c5a1cba30b0d137d6bb862abf45afcb9de80af
    SHA256: 5e3aed43b356527df44ea0f73031aee736b9d1487883f34cb6117b04d6bdb3ea
    SHA512: 668b282c01a166fc086edcfb1b1d8ecf5dce863f8a36a5871a2de906feb8547572eb483f291b045b78a6bac6c7940a6fdaf461aa84b1ae34d9755eb35276b194

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 174c004bfdd78da75761e0cd71e2c825
    SHA1: 50311a8681692a2b0221264b42b1a9a68d594d98
    SHA256: 05ad6bb01a572a477cd02baedc7013f830a18a48c561097c3cf562eac6a6a0e9
    SHA512: 03b46941fbe5f6b86f2ef335bd45c9697e73367e184148051ed7c90336a81cccd9ba56138038c631a267b1926b6075ab73db30dd5e147b1f26199c59a9853b3f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 99a28175d1a893216c2a40b18169fa71
    SHA1: 5dad3f500f974588a8ebcba50fd83f5149553646
    SHA256: e251d8caed23fbcc08daae1799a42213ac64961e884fe5cc7db4feaeffbb1a1d
    SHA512: 8566e01f23c399d7d514840a8576ab6d3e70e859462dab53eb6ba75f7d957248a8466b8960623b30b20dfeba3a26e561e549b87d5a06543d9417e5b1c37efd23

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 1KB
    MD5: b01cb6b728e1f34938919e7c2f2ed772
    SHA1: 20efada003eb129ebe9db5b72347df7b90ef7ec1
    SHA256: 411777102efe84acf0ffeb42c3d0faa6ce15359ad05a27e1ea181f780365b23c
    SHA512: 8d1189935a7f3ba9113fa340b99c786f74b3c7f45ea62b89555fd3d23b9ce5aa099c38d12a09b89b7975da62031816488623e6be752f099e27546a201a3e3730

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b0a3.TMP
    Filesize: 707B
    MD5: 8ee8b0edbe2feac81e7c185ccb321278
    SHA1: c934c15350ca5959f993aaa7bf228e2094b73bb9
    SHA256: ab4e5b4d33f2875bab6d879994a071ae27a2b35f6a9a5df51d4ed98d84b8768f
    SHA512: def181d04b0a1af354e7f488e2d8d93dabc1da27131eb3fef9ad225aafa0a675ee5e6636dccabf331af9c1594035cb62eb2e821a9c938d53f8da841aac2cae1e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: 14dc82f14c5a8e74382ca3674b5ca0ac
    SHA1: 7dc3ac359c1da7c9bfaa46ede6a6b7ab8baee527
    SHA256: a0fa30286c9746dc072639db18664870148f7e248772ebdf69a73012aa46e16b
    SHA512: 89a31b861bb83ddcf1977ca1b190d6fa58d0e26494f981fd4ba1b413c023b7ace558ff13ff0b91749a663b8f32fe8cb3287ed6fc0801dd379b0355bf40310079