Analysis
-
max time kernel
147s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
11/08/2024, 19:52
General
-
Target
8bbbeeb60f10d52b5a4690108eaf9d85_JaffaCakes118.html
-
Size
124KB
-
MD5
8bbbeeb60f10d52b5a4690108eaf9d85
-
SHA1
414326a9595a435a3ac88fe8502792a3ec12cb08
-
SHA256
88bb37c096bb366028ec22f311dcc6bdfbacb5f8e39c4016223e966b4b0cadd7
-
SHA512
c08eacaf4519bfb63077732e876cdb42e81e8eef3489c198c8ad9524755b469100b16b58507dd9603eeb15ec4b0a52b3fc22fc3efe2df5ca860052fe44c2542d
-
SSDEEP
3072:JzrGymOAcBWyeAcBRpdeN06D8KaFpJyYcd6SPlTJc60T//KILchzhhwl:1rGyJAcAyeAcXpdeNi7cJ0F
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8bbbeeb60f10d52b5a4690108eaf9d85_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea18146f8,0x7ffea1814708,0x7ffea18147182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12257951693648434571,12384325533768516022,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7676 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f9664c896e19205022c094d725f820b6
SHA1f8f1baf648df755ba64b412d512446baf88c0184
SHA2567121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA5123fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
-
Filesize
152B
MD5847d47008dbea51cb1732d54861ba9c9
SHA1f2099242027dccb88d6f05760b57f7c89d926c0d
SHA25610292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
-
Filesize
67KB
MD5b4b711f3e747704ffe02b49791ce8cac
SHA1ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89
SHA256f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1
SHA512b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db
-
Filesize
21KB
MD5c3a1bf5fbff5530f55ad9f9fa464f25c
SHA1449a621b775cbe1d3ab69c54a0e18c0ccf6d6caa
SHA2564ea6b3a39d794db93d1084770cc340272f8e5ffd5cd8d0c05c1f5841e5dc13e0
SHA51275aa617b33be2eabe9f67166d14939d58abdb2396b9911dc7ba612130d2ba9adfc90a3cc9b6de4dd6cf8731c90f2ca74b7f9cfaf4a9d0bcbf90d03c907e45a54
-
Filesize
336B
MD50c9d57b9fb911bdb7782eb76dd83724a
SHA1c7d7b978d03d62943ae280befc97d086f7513b5f
SHA2566176402fdf1bd87981a820da7bc8fb3ba23def51d5920ef48761d3f5bf301cc9
SHA512a472122b86579fa19a8d86db034ddd7710f33f9fc4304e3d53c896dc903d5896bdd0f9b22ab7ac7002e4fefb905412d77454a89addadcc43a95aa13a2ce63a1e
-
Filesize
312B
MD5ad2a47ba80adf3bf8a21d52deb20c5c3
SHA18222dd32622c224bb320c0836071a313d80e58b9
SHA25600b11c2d0b789056fd88cdfaac157f3f5b0d2a1a22d1ea884c680a410cd3f9bd
SHA51221feed261df98b8be26ae673e210a141ce02ee4831611c87f9dc9fd443cc9af3f84366e34bb8cf1f823233dea88bc031a1e96c25e8521f1bd8854e5400995b7a
-
Filesize
3KB
MD57119cb7b7426dfe03acafbecdb385316
SHA111912e37b06c39a2478ea76b372f2427f70b8b85
SHA256d425ee1de91c07524d5fe6052b143577c6ae1b867294c82eaa5a0e8ad119692f
SHA5127a16b26556c57810505992369a1319cdb1e466c48654a3e88042294542c0a94cf4eee8c2dc76f60b5629364747c5e3611f062ac8c78b45091f1415a807d65640
-
Filesize
6KB
MD50ffc0a8870e8fa7ce2958031cf5c094f
SHA1bd51d45ea382f1d78a7871a999f3339ef7f693a2
SHA256cd042787b72961d67e74cbc25045a9622fa0a01847e241fb75b2a93ae6cb576b
SHA5125a528e389297229e15c3d6329a14a5dade536fcdfd22c42ba76c66129df11ab36da4577031c6ab238250189ad0c31155aed8ed2f9388e1efbd020ff2c2b78425
-
Filesize
9KB
MD5f19b120efcc178996d7ba6663a06c020
SHA17a413a0118290e56596df485876717a1e00c0306
SHA25636aec55d22f07478923ef45fa449f51148a3af665859a2c0fb149280658afaf1
SHA5126edbe985a0f76fce1d22990f3c0e9772d678538fe2894171e6ad24ff0ec3f415dd9f4500d4b3286f7ad8c1afeb5f91d8ea6e60e1904cf88ee6cc286880fcb7f3
-
Filesize
9KB
MD5fb4b3e8057fdd78f446ff70c74867a45
SHA1abce1fa959738a2965c73673336b352b1cffc3ea
SHA256102395432be61e6b9c6c27f90a4071f6c45e2244a215eb75ec577325f2d87d2e
SHA512998abcc9ea78a129663b8e1d21d8a23891ea8dea38c63ddb3213a92a68be991121f34cc2bc2c38446ad0a5aff6f7362ed5cfaeb334c42aba856a5b9c8170a09d
-
Filesize
1KB
MD5140c8a2fdc7cf41d11c501d88a1e3880
SHA106760303a56cc9475de083904b97b2bfb73ed567
SHA256e624a36eff165cead27bbdf3f9ef254c91c1d506d3f5af406aa934ff00d0b37f
SHA512714bf14e1877d82d6a38476482f57a2b1c9231e3de179777515e1b0feb75b24079e4296feb2f335fc928d47a6cd82e3eff2c15b524b0c895b28d11eccca994bd
-
Filesize
1KB
MD52ac188e5f93e969d02a93116e192ca87
SHA152c6e8c00a739c2946826f761a6c4a31be9e9819
SHA25688eb6f42e3c2a273d1f4223b98cda90c38d6df1e804c69faacfd6d8e0b0a34a0
SHA51246c59195ba5a61b63a318262e90d7c6c2ae2c247dbde8dd31d7b1a65dd7f99722ab38870e6bd788a2ba4dcce926c38b9b8db7d048f03d81bddef5f395410808a
-
Filesize
8KB
MD5efe94529cef4301b883f3db25a550e2e
SHA189184f07e777111405ac2a57e10465ba0e912cbb
SHA2568c48689f70b737a2450b974bb1566d90d2aee475f886354c38e71b16d9e903d2
SHA512574166c689192369a05626d6e40982f355d8f4a4277dc6f909fa476faf77c1db8505df9bb1facc16400fa793d70e3ecab23d3c51663b128a6829b0a6b157756c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5d29402c50d4367b29d93229027569a30
SHA1b0597a01720006bd6caccf21628eefe253a4e35f
SHA2562a5839645a61fd2d17e66217d9f31c00e502c256f950cf53a58331f30d359f83
SHA5123ae75354f878e74ea724a0471b8665972eedd2be8a9eea953b6973640bdcabf6451333d7e6b41b07da2728d155f32f38acd04b7ee504518574211d473ff75e6a