Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
17/06/2024, 00:37
General
-
Target
b5fda751b2285bfa0c6c7b450820d761_JaffaCakes118.html
-
Size
31KB
-
MD5
b5fda751b2285bfa0c6c7b450820d761
-
SHA1
7cb154c9d1e8c132416212066a98b8149a0d98fa
-
SHA256
7d6dc4bb933e410ee1ac43f7fe152031f216f3cdf4c2c8b8f2576c8cbfd849e4
-
SHA512
2c11c99dc62c3f0d51a78c25afd7c194e4e4d3bebd68eaea726c00f8143a8fc01fb9e6b5af788155ce1a96e0af885d6e1aaa18f1080a9dd67dccfc20da5466e9
-
SSDEEP
384:kgYyAHEeuG8XUL7N6LpNQuIfMU9jUi8Qv2K/X:9Y9HEeh7LULpNQffN94+vZX
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b5fda751b2285bfa0c6c7b450820d761_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb750746f8,0x7ffb75074708,0x7ffb750747182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4140 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4952 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4932 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,13446235244740039510,9398206969800591908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5840 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5285ec909c4ab0d2d57f5086b225799aa
SHA1d89e3bd43d5d909b47a18977aa9d5ce36cee184c
SHA25668b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b
SHA5124cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09
-
Filesize
306B
MD51b61b25f4e408b5d4270744be1b0c445
SHA1c0031ff0577cc9ac1a6d96578fe6b2f193218269
SHA256dee5063811b02d402cc8ce9d70d682d7a5a24cfbf247470ecd702c7888aa46a8
SHA5122f89020afcefc9189cd38a71d24f16c4a6a1b474750fd90be3e9d325d5a48e4df19a30d019f170123413f48c0d5545f839ea6d2a2d1ba94b82a8db8f9a9ec3f1
-
Filesize
152B
MD581e892ca5c5683efdf9135fe0f2adb15
SHA139159b30226d98a465ece1da28dc87088b20ecad
SHA256830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
-
Filesize
152B
MD556067634f68231081c4bd5bdbfcc202f
SHA15582776da6ffc75bb0973840fc3d15598bc09eb1
SHA2568c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
-
Filesize
120B
MD5354d36dd0d172b645f06720eefc18514
SHA14d256854365e39634959b8396080d72bb8fad750
SHA25685235b43eedc071b81d93ee765b09872f70d101dd3cdc546cc74af321e0debd6
SHA512d319e3b19dd2bc4e9bcfbf9de3ce8352ede18cb6177732cc07edd76ef6a87d04336ab829c2d212c52aa792d14687ef41a92743deb51a20c30a8b24d300a74d82
-
Filesize
840B
MD5faeedd769a09a2fa70aae05283e5ccda
SHA1fea5b4d2817a2211880f6183b82e083dbbd2f634
SHA2560440e58454c2176890a5b06bf7ea05f4794e8b2268688fab6206f665d7bbb00f
SHA512808a5be97d82141168f4978cf88139037d64a55fddae02e086d5060f06b083315f1954025e1c7f5f67fd9ef89c73137971f6043ef00cb6a55afe079d21d25934
-
Filesize
7KB
MD52d6ff1962fb811bb3aab8ddf91be05f3
SHA1124ac597c5210ee8652ea539fe97bd8e3e09cdd0
SHA256ad6edc3f411069f3d2171b32535de0a6d8d370a4e6d2c68b33897ae8b22ab088
SHA512b17541477baf02d6729b07d1eaea43ae29e230d5d3e87c918aaaae33d68977499837055442368c6f7b8b298e38ba5790f7f7be80f2b76f61042226a6816a6327
-
Filesize
6KB
MD571ab1951922c0d81be313380dbb6ebde
SHA12913efe8d19a77a84583e0380748060951a3a13e
SHA2567b4fe15f1977eddfe7f8526a4fa2788a4fe8e74484df41eb9b2ccc3aedef3241
SHA51264b5de842c4050fe2412a234e48e34dbd7f685358ecca4498f59719418180726fa7cedebf5829839964618d73ef36b76fc5f75eddddc641d31563a243696cca9
-
Filesize
538B
MD5df9f111675345ca5567c74085b5c8da0
SHA116bb48ba160b449377a6f2f1e70f21bb40e699ba
SHA256b4a08bb872f65600a2b53d94eba8e64426153d27e2b48d3ac77a1a4097e88ab2
SHA5122a827e81be05629859491d242ce4f40d39eb56c2300e98f5f71c493b767040f0f25ce0339eeaddec112d45360d59d67d2836dde9b56070e45771aa597ceb4953
-
Filesize
370B
MD564942ad1be27f550bafe4a75bce925a2
SHA1cad46cbf8a17f8bb363704eeb2cd0c3b76340fb2
SHA256666c0c258a34882651a823e851a2ad5b167202965fdb8cacddc3c4204c1dd587
SHA512b15ca1f89989757ec8aaa2cb0ccab0b7a4e1d735f3e2407d74e398cdf198da27cfdabcfc3ac6bf8e0c6444ee5c6f335c62a7895402ff09ee52295c8213ff8e97
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD53c222af7617f607d3ec704f09a3451f8
SHA1e15160af9202ca43693fb5ad53ea25112d4408f7
SHA2566296457642c616813797a2098ca05186c130b6c48199d98de0c5ebb5db0cf428
SHA51203de49004ee0a629fe19f1149206cdf5d3abbf953190689e34a05d95ed4d0543928abc68ea00e80136be2ed5676aa1cc23004f31dbde42e4ac8dac78bf6947c5