Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-08-2024 20:51

General

  • Target

    c18e9ad0c21f2fbfe33a453758c4bdb2_JaffaCakes118.html

  • Size

    79KB

  • MD5

    c18e9ad0c21f2fbfe33a453758c4bdb2

  • SHA1

    19891ad609714fe9669f0d12241f83e83dfc3f9a

  • SHA256

    12f820efcfad7d27646b6ed73bb93f9493417e0d378cc7c097062ae5dd62f13f

  • SHA512

    e4f38d12bccfc2ecf5024c2fd2188df5c31bb3d90940dc737cddafa882a594184cd4c487947a56a9205aaac68edc61b92757006fd1b25051f30fc6731bb3ff4a

  • SSDEEP

    1536:LAzOdMXAItG/K64ou1AVZDHQujbY8U3gydz66wYTFhXmWxxrMDJ:LAzOdKAItpzou1AVlbY8U3gydz66wgFI

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  • Browser Information Discovery (1 TTPs)

    Enumerate browser information.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (10 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c18e9ad0c21f2fbfe33a453758c4bdb2_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff843b446f8,0x7ff843b44708,0x7ff843b44718
      2⤵
      PID:3792
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      2⤵
      PID:1696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4520
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2000 /prefetch:8
      2⤵
      PID:3636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      2⤵
      PID:4360
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      2⤵
      PID:4720
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
      2⤵
      PID:4852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
      2⤵
      PID:4452
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
      2⤵
      PID:3680
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4580
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
      2⤵
      PID:4076
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
      2⤵
      PID:4544
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
      2⤵
      PID:5308
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
      2⤵
      PID:5316
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8865381785416907762,2902532943188117280,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3580
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1604
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2060
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1840

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: f9664c896e19205022c094d725f820b6
    SHA1: f8f1baf648df755ba64b412d512446baf88c0184
    SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
    SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 847d47008dbea51cb1732d54861ba9c9
    SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
    SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
    SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 216B
    MD5: 88f67210a0de4364a2b1cac3db593c36
    SHA1: ce54ad09e9fe83fc37458397a4f2a382fab0d59f
    SHA256: 70a387ca6fdfe19a6fa37d5c8dca6a4455eca9383d26a8d03003266fc6e1185a
    SHA512: 7ad61848bb25593f95d887d1473beaa322e5d86ed5975e26cc82089b856a2dc78e2dbfaef6b7f14c2e620a450794c1c854f6f48dd9767ca35127e2191360b839

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 96B
    MD5: 16a0eb0e363dc97b8bbcdfbe55487ed6
    SHA1: e7cf6d087923ed7f24802070d555081a43d3ad3c
    SHA256: 9d776aeec74990305bbbaa3bae52a8bc9c64c1f625a9959a1ccf695ade143fa9
    SHA512: ec805a54ca4ec23d0bc600dfe428ba3ee3f138787a7192308a3334c6707caa666c79eaa73222ddbc0e6556da6167dd271f5cb2358a7792d6b60bdbc43d1ca2c9

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 3KB
    MD5: 0ea5884ee4acfbcf0958cad7c996bf39
    SHA1: c71304331589989ef166dbee5d7d4b69c79ff873
    SHA256: f0ea718214d7dd3e7f805b98dc91d9f6e78eba741263c783f120feb97f6a0105
    SHA512: 27a1b789ff6525aa22575077f6eb7492f8ee9f2bfd66af0873802ede25daca3cfae7bbf815556e8835909e1eb96730c64f457fe110d691c5daf8c37686e8449e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: bb917842a1591d436f210f9e6b91a7a4
    SHA1: 2067e82e796b77d6d5b83c00f74155a7d5b5d86e
    SHA256: 4b54cc343615092bbf599c01d6f6b979b211ef62300032e5bc47d952f521a2b6
    SHA512: 08ee7d5e0b10fdf6449dc79ad90de9d051a5e0ed0f5d1e380f8f35fb21e49a009e8bf9deb806b04437e64c83290602647562b55b57786a615a342be98475f695

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 3f88aef599b5a38985753e6ae3d749f5
    SHA1: 785d20c71ab236aa5304ade93f5e1ee47b5dbda2
    SHA256: ea11be44019f82003fddd0eb0d8f64a2db05fadf01b97e78d4fcd5484e24646b
    SHA512: ac75aee52c37f7a36c093973abcbf18c7bd1b1db7bfd720f4e11f9a6e9961844dbe6a4e0371889377ce5756ec8508da5dabad1aa25f145ed8b416e4bcf5d23fd

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: cd09cd78cc8ec5430aa1d8870c01a475
    SHA1: 123b07ca6d9457d500efe7609faaee6000d6bae8
    SHA256: 9c07795b4d6a888f6aecc060394c4a4abb45f57465acfc52e86c8823d761d77c
    SHA512: 1b5215c6c184f80adf003023e53117f0958776e297e282c7b953090a1e58f27099d174e8ac34e1875af38a603e0b7d28db6ec8561a3d9624fcf3ad0438fee1b3

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 368B
    MD5: 9edd6734be278ba9856640590139c62c
    SHA1: fa2459c18a41fb94140513571aa43feb57b36dea
    SHA256: 621fea541827823c76e801edb0b0c2fc0eaf4f54a7cf0df5f86e1a25f1c4907b
    SHA512: 8c6c7f874c06adedd287cbe529fe83253eca7d0bf945d237ac1c04d112b8a6ee2934a9508ebc302cd023a0058cffe39ee373a18b22a1314e7f68ddbb32110478

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5821eb.TMP
    Filesize: 202B
    MD5: 922bec939e7c8a6666362a578260b667
    SHA1: aa827776c63e8f5a85db51ef17e38cf73566aadd
    SHA256: b5225268868fe9fdb8632cf8209b79c8718614c653931887154ec8d2141e3480
    SHA512: 528aee1be5ac5d34030be46da64a832b0cb1eb9da84750e52e8fb17418ad3b66ee7e860a07bd0db41f1589b29ef28106d96adaee14d16a2ec1ff426ce56a050a

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: ca5cb7a9f871c4f1f8ac95dabe89975c
    SHA1: a9251812b43a47b5ba0bafe2ec572772826937cd
    SHA256: 7b13aa175096409ab8bc1cf3c064188df0609c03ae99293880b728fa15fcd4c2
    SHA512: 8d3b0cd165ac3b917421cb8b6345894b5a3749ca84209d859f6e91011a17b25d68deaa639eccd9ca2c9a0a9a6b5219f83ea592b39886c3ff5aa96027d1d8d893

  • \??\pipe\LOCAL\crashpad_2040_MYIHNDLOUSNJQDLW
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e