Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 07:37

General

  • Target

    a474fd581db9ae5729c090bdbdb18e7a_JaffaCakes118.html

  • Size

    82KB

  • MD5

    a474fd581db9ae5729c090bdbdb18e7a

  • SHA1

    1b42f1700452692106464814d9cc8fe1c72064b4

  • SHA256

    f8f90b83badd5b0ec6e00754f6ab17a216d0880f1f870732255a44f8a4b75e5d

  • SHA512

    3af54c4f47a4bb8392e103ffc08b5b4cd7e778baaa965b4c41f4115f249d62e50b169b7b7f0e7c3e935750d82fdc8966dad4493c4e547e20cf14f74de488b689

  • SSDEEP

    768:NGrU8kcluTLoAbeVUDDkY1jCrXndmyOl1Vx+brGqx+S4SKFs+1nNtrID+/Qmv9:NGxkcl0TbeVUDDkqjaOlrsjY1NtrN9

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a474fd581db9ae5729c090bdbdb18e7a_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3492
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4be046f8,0x7ffb4be04708,0x7ffb4be04718
      2⤵
      PID:1644
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      2⤵
      PID:812
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3220
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
      2⤵
      PID:5096
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
      2⤵
      PID:4556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      2⤵
      PID:1384
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
      2⤵
      PID:3416
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
      2⤵
      PID:3336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2504
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1888
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2060

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: dabfafd78687947a9de64dd5b776d25f
    SHA1: 16084c74980dbad713f9d332091985808b436dea
    SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
    SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: c39b3aa574c0c938c80eb263bb450311
    SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
    SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
    SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 96B
    MD5: 73fb94ad16bdb9ac04ee7643c859fb44
    SHA1: f2f7240ec505c3bde29adfd708327870c4b7c161
    SHA256: 06a9b45a604d24797bfc8b3ad8a6321514531e81d58d4367d4e7e4fb600a87de
    SHA512: ec2f687aa0b5d77dc12ea0becdc9aff151049d8855d906b2e3d484a1589fbc3e0e4ae29b7943b29d52712013b4efd1b86a804ec520971252bbdea450aa7a2501

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 1KB
    MD5: 030cb235d8dd0149917e987ec5ded007
    SHA1: 1baf6be8f29dc2eeed3fd970151d79b5074636f1
    SHA256: 14ef309cdcdb9e5888e6b37da58f67965940218552189b771285cb3abdf17dc6
    SHA512: 1fdd0cb0f77ff13d871cf99243b07d1dd6689a04226a75603ca73778e33c4eb0d3b6211da86c4a31380323588ceaa3be9c366ada9b04db2d9639b1ffce6a6f6b

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: dbe07f20d881cd7d2d679cb86d252106
    SHA1: a988e825d5398c76303958d69946411b893a7e13
    SHA256: bb512fcc07db30408e2ec08d70d76f8e74b6286ce63877d146da189032a8c424
    SHA512: 5c7dea2c9199fff1e540979c1f22aba61ce82e89db6a63d391d5992a9a1156dd6008d620988c6691f5789d97517dac5e53b736d1b6f014ff6cc3edba8735a961

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 92c5e155cf508ae232e4975e1fbf08ad
    SHA1: 83159309c192c87901341682ed67d698722258d4
    SHA256: 6cd62edc33e1c8abe2e407764760fb9afaef46507817d577691e2340f11cca69
    SHA512: a75bdf73f45b758c0c034abbfcbbf1ca95c4599f1de8562cf24e5ccc2f3cccb569dad92b842630c3f8e9d093455412363a4ce7bf22df9ffc05a676dcda4ad4d4

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 372B
    MD5: 114a81c753f0287bc9909610bf4d2ba7
    SHA1: 248377c80b8bd7327e647126b829d8984f486f0a
    SHA256: ddb7f22ccc6ed1e176d6543e704c7f3feb7bd50fe48dd276d05b09bf1fad8d36
    SHA512: 44f8097b46723c35aa53a1fd2edf8fd3df88a4660a62807993e28fca03de1d4c44ca64e0eebc1b469fc05e22a8965c2d8894f92b1562a8fc66c7fed1e315363c

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bc7a.TMP
    Filesize: 204B
    MD5: 653a4672a71eb6329325cba6db7820f4
    SHA1: f2e8b7f21a94876fca51b493275efdc811e9332a
    SHA256: 38d6a0d0d0bd702b6d5ac0d94b5830c9eba49258bff024e74182fb354cca1227
    SHA512: a045a18b1a2f2b6de02bbfc4eb6e8491beab9a9855f85a744d19f5a15c754ff8e5aace95b8d35805f966392b8bba4383eeb271137e904d4c4572acb129467ce7

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: f133009bedd18d338673613c2a58e32d
    SHA1: 2188e9092234bd85b4964eaac42ab7453534b430
    SHA256: e7554a04aeb7477de5f97e8ebcf5d20e143173b4e965de8f53a920b74982216b
    SHA512: dc379b6116742691293a870b70b16f9790ab8285ff4b7ea92e962207d5395e6fd3ed8c89d8a656fdc55b28ea66a6d2a9a55d16d1e9329d118595c47fe85420b9