Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-08-2024 20:10

General

  • Target: c17b070beb7ded3afa2e64b7b6bee89b_JaffaCakes118.html
  • Size: 29KB
  • MD5: c17b070beb7ded3afa2e64b7b6bee89b
  • SHA1: 15d267625d6adfdc1fd0fa6ae90f7dc2619a897c
  • SHA256: 733b8d64e1f1dc0bc3a581f59b5712f90f1e4075b0a7111d7e3c845207b0f3d4
  • SHA512: 43022eb143179a01eab948ffbdb67af3b928b13b39c95abd2b0aefc7b70c905c1ca600083eb56426729ccb1c3aa103dfea986e2a061e69e12f336f9dcb054db4
  • SSDEEP: 384:GSN/3xNNsyAWfRiGCfBL10tUcfa7Uxceuewe2G9vuqvv6:GSN/3xNNsyAWfRTq1IauwA9v5vv6

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c17b070beb7ded3afa2e64b7b6bee89b_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebdfc46f8,0x7ffebdfc4708,0x7ffebdfc4718
      2⤵
      PID:3380
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      2⤵
      PID:3632
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4252
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
      2⤵
      PID:4984
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      2⤵
      PID:4400
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      2⤵
      PID:3652
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
      2⤵
      PID:2560
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
      2⤵
      PID:2296
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
      2⤵
      PID:1128
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
      2⤵
      PID:2984
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
      2⤵
      PID:1732
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
      2⤵
      PID:2148
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16546269683334422316,2317155328273258244,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1840
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1872
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4120
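Reading the tree above: every flagged behaviour in this run is attached to Edge's own processes. The browser process (PID 400) launches a crashpad handler, two GPU processes, network and storage utilities, renderers and two identity_helper.exe utilities, all from the Edge install directory and all (except the crashpad handler) sharing one --field-trial-handle, which is the Chromium multi-process model rather than a payload; the two CompPkgSrv.exe -Embedding entries are top-level COM out-of-process activations, not children of the browser. The Python below is an added triage helper, not part of the sandbox or of this report. Its process and file records are abbreviated transcriptions of the report (long --gpu-preferences blobs and annotation flags dropped), plus two constructed abnormal records so the negative path is exercised; the directory constants, label names and classification rules are the example's own assumptions.

```python
"""Triage helper for a Chromium-based browser sandbox run.

Added example for this report; not part of the sandbox or its report format.
Records are abbreviated from the report above, plus two CONSTRUCTED abnormal
records (clearly marked) so the "suspicious" path is exercised.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed locations, taken from the paths that appear in this report.
EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
PROFILE_DIR = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data"

# Child-process kinds a Chromium browser process legitimately launches.
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}
# An out-of-profile write with one of these extensions gets flagged immediately.
EXEC_EXT = (".exe", ".dll", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".hta", ".lnk", ".scr")
PERSISTENCE_HINTS = ("\\startup\\", "\\appdata\\roaming\\", "c:\\programdata\\")

FLAG_RE = re.compile(r"--([\w-]+)(?:=(\S+))?")  # Chromium-style --name[=value] switches


@dataclass
class Proc:
    image: str
    cmdline: str
    pid: int
    depth: int  # 1 = top-level entry in the report, 2 = child of the browser process


FT = "--field-trial-handle=2108,16546269683334422316,2317155328273258244,131072"

# Abbreviated from the report's process tree.
PROCESSES = [
    Proc(EDGE_DIR + r"\msedge.exe", r"--single-argument C:\Users\Admin\AppData\Local\Temp\c17b070beb7ded3afa2e64b7b6bee89b_JaffaCakes118.html", 400, 1),
    Proc(EDGE_DIR + r"\msedge.exe", "--type=crashpad-handler /prefetch:7", 3380, 2),
    Proc(EDGE_DIR + r"\msedge.exe", "--type=gpu-process " + FT + " /prefetch:2", 3632, 2),
    Proc(EDGE_DIR + r"\msedge.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService " + FT + " --service-sandbox-type=none", 4252, 2),
    Proc(EDGE_DIR + r"\msedge.exe", "--type=utility --utility-sub-type=storage.mojom.StorageService " + FT + " --service-sandbox-type=utility", 4984, 2),
    Proc(EDGE_DIR + r"\msedge.exe", "--type=renderer " + FT + " --renderer-client-id=6", 4400, 2),
    Proc(EDGE_DIR + r"\92.0.902.67\identity_helper.exe", "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService " + FT, 2296, 2),
    Proc(r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding", 1872, 1),
]

# Abbreviated from the report's Downloads (dropped files) list.
DROPPED = [
    PROFILE_DIR + r"\Crashpad\settings.dat",
    PROFILE_DIR + r"\Default\Code Cache\js\index-dir\the-real-index",
    PROFILE_DIR + r"\Default\Network Persistent State",
    PROFILE_DIR + r"\Default\Preferences",
    PROFILE_DIR + r"\Default\TransportSecurity~RFe583208.TMP",
    PROFILE_DIR + r"\Local State",
]

# CONSTRUCTED, not from the report: what a bad run would look like.
CONSTRUCTED_ABNORMAL_PROCS = [Proc(r"C:\Windows\System32\cmd.exe", "/c whoami", 9999, 2)]
CONSTRUCTED_ABNORMAL_FILES = [r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"]


def flags(cmdline: str) -> dict:
    """Map of --name -> value ('' when the switch has no =value)."""
    return {name: value for name, value in FLAG_RE.findall(cmdline)}


def session_handle(procs: List[Proc]) -> Optional[str]:
    """The --field-trial-handle the browser's children share (most common value)."""
    handles = [h for h in (flags(p.cmdline).get("field-trial-handle") for p in procs if p.depth == 2) if h]
    return max(set(handles), key=handles.count) if handles else None


def classify_process(p: Proc, session: Optional[str]) -> Tuple[str, str]:
    f = flags(p.cmdline)
    in_edge_dir = p.image.lower().startswith(EDGE_DIR.lower() + "\\")
    if p.depth == 1:
        if in_edge_dir and "type" not in f:
            return "expected", "browser (parent) process"
        if p.image.lower() == r"c:\windows\system32\comppkgsrv.exe" and "-Embedding" in p.cmdline:
            return "expected", "COM server activated out-of-process (-Embedding), not a browser child"
        return "review", "unexplained top-level process"
    if not in_edge_dir:  # the browser should only ever spawn its own helper binaries
        return "suspicious", "browser spawned a binary outside its install directory"
    kind = f.get("type")
    if kind not in CHROMIUM_CHILD_TYPES:
        return "suspicious", f"unknown child type {kind!r}"
    handle = f.get("field-trial-handle")
    if handle and session and handle != session:
        return "review", "child does not share the browser session's field-trial handle"
    return "expected", f"Chromium {kind} helper"


def classify_dropped(path: str) -> Tuple[str, str]:
    low = path.lower()
    if low.startswith(PROFILE_DIR.lower() + "\\"):
        return "expected", "browser profile housekeeping write"
    if low.endswith(EXEC_EXT):
        return "suspicious", "executable content written outside the browser profile"
    if any(hint in low for hint in PERSISTENCE_HINTS):
        return "review", "write to a location commonly used for persistence"
    return "review", "write outside the browser profile"


def triage(procs: List[Proc], dropped: List[str]):
    """Returns (process rows, file rows, overall verdict)."""
    session = session_handle(procs)
    proc_rows = [(p.pid, p.image) + classify_process(p, session) for p in procs]
    file_rows = [(path,) + classify_dropped(path) for path in dropped]
    labels = {row[2] for row in proc_rows} | {row[1] for row in file_rows}
    verdict = "browser-noise-only"
    for worse in ("review", "suspicious"):  # a later, worse label overrides an earlier one
        if worse in labels:
            verdict = worse
    return proc_rows, file_rows, verdict


if __name__ == "__main__":
    rows, files, verdict = triage(PROCESSES, DROPPED)
    for pid, image, label, why in rows:
        print(f"{label:10} PID {pid:<5} {image}  ({why})")
    for path, label, why in files:
        print(f"{label:10} {path}  ({why})")
    print("verdict:", verdict)
```

An "expected" label only says the artefact is explained by the browser's own housekeeping; it is a triage outcome, not a clean verdict. For this run the helper lands on "browser-noise-only", which is consistent with the 3/10 score: nothing in the tree or the dropped-file list is attributable to the page's content rather than to Edge itself.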

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 9e3fc58a8fb86c93d19e1500b873ef6f
    SHA1: c6aae5f4e26f5570db5e14bba8d5061867a33b56
    SHA256: 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
    SHA512: e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 27304926d60324abe74d7a4b571c35ea
    SHA1: 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
    SHA256: 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
    SHA512: f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0f64ad02-4fe9-4a8f-bf83-bd3b8c180e2e.tmp
    Filesize: 6KB
    MD5: 1112f191898fd3a34a437a92d1813cd6
    SHA1: 48ea23be904e9948e518fcf2b86adaa3abf91084
    SHA256: b57322a600fe1455be0ff539a9154110892306081f47a8056bd6aea878ac9be2
    SHA512: acf6ddfc3b5b0132a90ad93609c7ef587b26cc6b5fad9bf52c33a64a33dc8d53d93eb74a0c88a59d70247e471d1e9263506b29d9fa0ed967bf42e1f75cc7fc6f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 96B
    MD5: 3b43923fff08f5ea2ad15c941d25d236
    SHA1: e3d76908351e00f2ae8eb6e62b9830a3b1cecf9c
    SHA256: 0eded92482af4dbf3c1fd51ccac95637dc9abb7b171d49188e732e065402c51f
    SHA512: 24ab70950575480ce6b9b27b17cd28f10a0764ab44e2cfd61a4614cd781ac459aa3a3f65ba68482b5709265129dd616386b10c04660015355cbd62e8858569cb

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 256B
    MD5: 63ff2ae8dcfb6d13567ae01860735b66
    SHA1: 002a93b593f8f51a70924eb7f80aa9341a5842d7
    SHA256: 972ab4fb27f52d221e2fdb80cd759bd93539253bfe50d2efa0a17f74c2e4ccb7
    SHA512: 300a33655a5ed50d92e86ad26584b8d808cad166ab43a3b9505a2d01e1d3f63aa7f4b73da80db28942795322dbc7bf1711aa98bbac9b2fbcd408b2e48f86ea86

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 897ed908c7b03529910734279f70a780
    SHA1: 4e5a5d1dfe369fb302126ecd1ea21acde2abab25
    SHA256: 61e64f007b1aaced8b4d5e189fb1f53ba0f1bb46ac79c9cd6d0d8eaebf014be3
    SHA512: 4f5ab8c61c8fde5da9f63d537dc94c6c7be025ce24778a7f6aa40dc35bdd752ef74220e7341e3200fb91681fa551627ca588a1a17af903757814f58e2ade1630

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 38d59b58df8b7fa5f33ead7ec889cc46
    SHA1: c33ea366a36a44ace96ac44125ecd9d84b34f731
    SHA256: fe8636e7febcc89a9e52b8edcce4c97b39bbcdf26c9679e741999db3a3693b5b
    SHA512: b5198b42eaaf14c109247ea6a4ef109c1acb5877eb15b42c9d1e39766adeed2007ce9970bb52a61739d0ac8715121188cb2ef9251a51b4523419551d2939cf64

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583208.TMP
    Filesize: 704B
    MD5: b9c1ba32bb8ef8940343df753269e8f3
    SHA1: 6aa7a1625e6d7fa6bcbe041deb83e0543b879862
    SHA256: 68fe2f22a73a5b10ee05ba92ee2cbad5a2dcb83431bd7f754067e15d83adb18c
    SHA512: aaa580bf8f4e88f36bddb67e56b479c0be69a2b99ef7cdf3702aabe7f5f0af2eea459b5863a499732e0a40c0f415a6c36664287cc123110168905421c0e657ab

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b059951c-17c7-4da3-a90e-4fca7e686d13.tmp
    Filesize: 867B
    MD5: fb94978b55aac1ea75704610ebc4b0ce
    SHA1: 7aba1c02e640d480c7689861749ab02893683576
    SHA256: 3e7db06e22e5da05186adead49386dc813af6dd121ec33c3a85ae5ef0e653f9a
    SHA512: ca0f8daa2318e19122122d77bd9f7081b46af21699f3d36977f4d73ef37cd75e39db0b0ea609c4e6185f24509d69fa815e64a0cff4c88f124c0f16af2431d3c0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: 6af271a898cecaddf2dc61be3ce468ee
    SHA1: cdf091b40a0e2ab2531289b1fd942056484cbb62
    SHA256: 30b2423e7d83f628b8b887ec9ba18093715b7dd182e59b6a6acdc6a9e5a923b2
    SHA512: a9dd82f4c926cb292f2f9778a988ea519d4a80ebf5ed2c227599a84345afb3d7cc6ab4a35f178eded2c2434e7bf7f83b94e907b7d4f66bf7366ed9dfa1040f84