Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-08-2024 05:29

General

  • Target

    a15b4939bf8c8c02e796af9741776448_JaffaCakes118.html

  • Size

    272KB

  • MD5

    a15b4939bf8c8c02e796af9741776448

  • SHA1

    901fdaa711f2f6d0d4ae8283db8fa3df5c69e21d

  • SHA256

    5601845e0df106b91b3d4a739f7a2d4f9f00d4733b2d230dc2819220d9d2ca49

  • SHA512

    89dba06236008fe7f766578d00daaec654d456ebd9139324cb8e23b9c189de28d18c8ca41a90f64a00057fb1f5db3d21a25c0d857c2c674f0ee2628c1a1b50f7

  • SSDEEP

    6144:GRMRYeE+y630styzBzSzmPtocC20IusntfO8/3KHjtcmD:CMa3630st4Pt9C20Iusntm8/3KHjtLD

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery (1 TTP)

    Enumerate browser information.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Every signature that carries IoCs is raised by the msedge.exe browser process (PID 936) or by its GPU and network-service children, and every image in the process tree is either msedge.exe from the Edge installation directory or CompPkgSrv.exe from System32. The WriteProcessMemory, FindShellTrayWindow and SendNotifyMessage hits are routinely raised by a Chromium-based browser launching and managing its own sandboxed child processes, and NtCreateUserProcessBlockNonMicrosoftBinary records that those children were created with the process-creation mitigation that blocks non-Microsoft-signed binaries from loading, a hardening Chromium applies to its child processes rather than an attacker technique. None of this is evidence of malicious behaviour by the HTML file itself, which is consistent with the 3/10 score; for an HTML sample the decisive evidence would be a non-browser process under the browser or outbound network activity, neither of which is listed in this report.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a15b4939bf8c8c02e796af9741776448_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:936
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd91b146f8,0x7ffd91b14708,0x7ffd91b14718
      2⤵
      PID:4704
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      2⤵
      PID:4564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:692
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
      2⤵
      PID:528
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      2⤵
      PID:3120
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      2⤵
      PID:1392
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
      2⤵
      PID:2508
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
      2⤵
      PID:4296
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
      2⤵
      PID:2732
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
      2⤵
      PID:1004
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5828 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:216
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1912
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4392

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: ab8ce148cb7d44f709fb1c460d03e1b0
    SHA1: 44d15744015155f3e74580c93317e12d2cc0f859
    SHA256: 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
    SHA512: f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 38f59a47b777f2fc52088e96ffb2baaf
    SHA1: 267224482588b41a96d813f6d9e9d924867062db
    SHA256: 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
    SHA512: 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1650d2b7-cbb5-4aaa-aba5-d8f459b1f796.tmp
    Filesize: 1KB
    MD5: 80a4d679823368e6c1e68ba835528bfc
    SHA1: e48510766da62cbfe8c8845250b0ff40f40d5ab4
    SHA256: 1b428356a4a405856876564980d3a303ad710e9d75de4791957cb9332feffa8b
    SHA512: f885d395114fc18051ea7dbb7d26444fd8f5810ca4dc3b461aaeec6d163892db516b73a0865a3659b488cd0c9e6c0da0424195d0729b03faf248b77c230be008

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 120B
    MD5: 484d3e4a7db4f92cd56126e412a795a4
    SHA1: b68adc06c732e95453fea93666109411749ce8fc
    SHA256: fe6e78c5172498f27b461659ac630d1e3df891fed81105bf09e247177a6b9a58
    SHA512: b6270f8457dd733c171357d43fb0d70a3232f8197f632b5350899eeba4edbd0a7097b83256c3bde49095953544738369c1f85495a9386f5011e4539cd3cb02f3

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 1KB
    MD5: 1701f610e8b8f0e6e32f7cb6fece6b12
    SHA1: 7554bf33f7e1c8929e62ace172eb5e40291a9469
    SHA256: 8b806ba4561fd67de4baf7a84e4ff7819533eb72860563b8a060e9ab58c7b5ce
    SHA512: ce325f622ad084a055f2e3d96d811426a0b5a50a13bd4d505fe68a3daff366e4ffad6ce665c1f69c920137c89aa4d517832624d9e7f2c2c4539428b752c2ed4c

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 5508a3ccb7ef803f97c17c1104cbbdcf
    SHA1: 1eba8a0bbe1f373db15cac0d4d3b640d59ad9b94
    SHA256: 5505731dde118a9fcda08d39ceeff52001e0e495b8716d75e77f791eacd39c89
    SHA512: d38829711885054cb78c78a7e7dd601c1925637eb994ebf3e6f2cde10e90cf04e45c8a604ab0fce9d2ebe945969eb3d90e9d3d85e6f8c1b7829a78178f0eeddb

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 2303940c9a433cd6220075073081026c
    SHA1: 7d6e6605bd52af6b317ef67f8890b5f6f726e7b2
    SHA256: 48ee4c245472399c6c11fb8e59070b9013dd0df4e2b3f143cb7229ee1be73a32
    SHA512: 2c4edf75ef058d8c0338dd30edaadabff9345c80e45458a275a0770e407ff669243331d7e7b6f4804688c5bd6d392c6e92f8cc53c0eecabc58474570fb540972

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 6e46187aa274ee2ed92804c4707caf4c
    SHA1: 5b5f2c56656d57d8915ac230eac6953f457eb859
    SHA256: 6add85234c7ed03c255fa6008e944ff6585d834c189d2c44cd9e35549c75b91b
    SHA512: 5e5f23eb9f8c3be63404ed559749a83215c3b0c17af641262326945717ce7aa4bb775510e45d37408978a5a4c7f0d20bcaae78b813bb503613d0dd00b3c9a50f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: 488e27a714d2039dd2ffe4bc0e0c2d53
    SHA1: ca58a37ba1f169710ecd603803e110a18a292a7f
    SHA256: 7fa5c91c3a2c8d949492defe33962fe1d239f0ad6735f69e9fe4971f021b427a
    SHA512: 46dc4e29e0dc815fbc8580b85809988f8964249d4b9f3b4ae8b18bffd7e5fc8b94c56cd1f9cd3cbdeb94dc6969780f791d0d506bb14937f7a2da46d48777ae22

All nine dropped files are Edge profile state written under Edge\User Data (Crashpad settings, Preferences, Local State, Network Persistent State, a temporary file in the Default profile and the JavaScript code-cache index); nothing was written outside the browser's own profile directory.
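The following is an added example, not part of the sandbox report or of any vendor tooling: a small Python triage script that applies the two checks an analyst makes on a report like this one to the process tree and the dropped-file list above, namely that every process image comes from the Edge installation directory or System32 and is either the browser or one of its sandboxed helper types, and that every dropped file lives under the Edge profile. The process entries are transcribed from the tree above with the long --field-trial-handle and --gpu-preferences values dropped; the trusted-directory list, the function names, and the dropper.exe line (a constructed input used only to show what a flagged process looks like, not something this report contains) are this example's own assumptions.

```python
"""Added triage helper for a Chromium-based browser sandbox run.

Example code, not part of the sandbox report or of any vendor tool. It sorts
each process in the tree into the browser's own helper roles or flags it for
a manual look, and checks that dropped files lie inside the browser profile.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption of this example: images launched from these directories are the
# browser itself or COM-activated Windows components (CompPkgSrv.exe).
TRUSTED_IMAGE_DIRS = (
    r"C:\Program Files (x86)\Microsoft\Edge\Application",
    r"C:\Windows\System32",
)
PROFILE = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data"  # from the report
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# (command line, PID, tree depth) for every process in the report; command
# lines are abbreviated (long --field-trial-handle / --gpu-preferences dropped).
PROCESSES = [
    (EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\a15b4939bf8c8c02e796af9741776448_JaffaCakes118.html", 936, 1),
    (EDGE + ' --type=crashpad-handler "--user-data-dir=' + PROFILE + '" /prefetch:7', 4704, 2),
    (EDGE + " --type=gpu-process --mojo-platform-channel-handle=2168 /prefetch:2", 4564, 2),
    (EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none", 692, 2),
    (EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility", 528, 2),
    (EDGE + " --type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations", 3120, 2),
    (EDGE + " --type=renderer --renderer-client-id=5 --no-v8-untrusted-code-mitigations", 1392, 2),
    (EDGE + " --type=renderer --renderer-client-id=7 --no-v8-untrusted-code-mitigations", 2508, 2),
    (EDGE + " --type=renderer --renderer-client-id=8 --no-v8-untrusted-code-mitigations", 4296, 2),
    (EDGE + " --type=renderer --renderer-client-id=9 --no-v8-untrusted-code-mitigations", 2732, 2),
    (EDGE + " --type=renderer --renderer-client-id=10 --no-v8-untrusted-code-mitigations", 1004, 2),
    (EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2", 216, 2),
    (r"C:\Windows\System32\CompPkgSrv.exe -Embedding", 1912, 1),
    (r"C:\Windows\System32\CompPkgSrv.exe -Embedding", 4392, 1),
]

# Dropped-file paths from the Downloads section (some were written more than once).
DROPPED = [
    PROFILE + r"\Crashpad\settings.dat",
    PROFILE + r"\Crashpad\settings.dat",
    PROFILE + r"\Default\1650d2b7-cbb5-4aaa-aba5-d8f459b1f796.tmp",
    PROFILE + r"\Default\Code Cache\js\index-dir\the-real-index",
    PROFILE + r"\Default\Network Persistent State",
    PROFILE + r"\Default\Preferences",
    PROFILE + r"\Default\Preferences",
    PROFILE + r"\Default\Preferences",
    PROFILE + r"\Local State",
]

# Constructed line, NOT from this report: a hypothetical non-browser child of
# the browser, used only to show what a flagged process looks like.
SYNTHETIC_CHILD = (r"C:\Users\Admin\AppData\Local\Temp\dropper.exe", 9999, 2)


def image_path(cmdline):
    """Executable path at the start of a command line, quoted or bare."""
    m = re.match(r'"([^"]+)"|(\S+)', cmdline)
    return (m.group(1) or m.group(2)) if m else ""


def in_dir(path, directory):
    """True if path lies below directory (Windows, case-insensitive)."""
    return PureWindowsPath(directory) in PureWindowsPath(path).parents


def classify_process(cmdline, depth):
    """Return (role, flags). role is 'browser', a Chromium --type value or the
    image name; flags lists the reasons the process deserves a manual look."""
    img = image_path(cmdline)
    flags = []
    if not any(in_dir(img, d) for d in TRUSTED_IMAGE_DIRS):
        flags.append(f"image outside trusted directories: {img}")
    if PureWindowsPath(img).name.lower() == "msedge.exe":
        m = re.search(r"--type=(\S+)", cmdline)
        role = m.group(1) if m else "browser"
        if "--no-sandbox" in cmdline.split():
            flags.append("Chromium child started with --no-sandbox")
    else:
        role = PureWindowsPath(img).name
        if depth > 1:  # anything the browser spawns that is not itself
            flags.append(f"non-browser process spawned under the browser: {role}")
    return role, flags


def triage(processes):
    """Count processes per role and collect (pid, reason) for flagged ones."""
    roles, flagged = Counter(), []
    for cmdline, pid, depth in processes:
        role, flags = classify_process(cmdline, depth)
        roles[role] += 1
        flagged.extend((pid, f) for f in flags)
    return roles, flagged


def classify_dropped(paths):
    """Split dropped files into browser-profile state and anything else."""
    profile, other = [], []
    for p in paths:
        (profile if in_dir(p, PROFILE) else other).append(p)
    return profile, other


if __name__ == "__main__":
    roles, flagged = triage(PROCESSES)
    print("roles:", dict(roles), "flagged:", flagged or "none")
    print("synthetic child:", classify_process(SYNTHETIC_CHILD[0], SYNTHETIC_CHILD[2]))
```

Run against this report the script counts one browser process, one crashpad handler, two GPU processes, two utility processes, six renderers and two CompPkgSrv.exe instances, flags nothing, and places all nine dropped files under the profile; the constructed dropper.exe line is flagged twice (untrusted image directory, and a non-browser child of the browser), which is the shape of the result that would justify a closer look at a real run.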