Analysis

  • max time kernel: 145s
  • max time network: 150s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 26-08-2024 06:31

General

  • Target: c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html
  • Size: 234KB
  • MD5: c2754a5595fd4a06b31b1046d53b8178
  • SHA1: 2fd27dc8bdf0f96090de29215b5cdaa4a773be96
  • SHA256: 53ea0191165d701c3923665f5cc263132995a332184608a50a327cc23639da0c
  • SHA512: 3950d21d9b8d2d23851366867d282d81d63dbe41eff5cc7dafc69447ec5ac9dbfe2d30ed75d81db0c8ce846895a3fc0145135b79ba84c61cb8c2b39ee4e4993b
  • SSDEEP: 6144:w+RELVzhXkA3d8VZQvzwV2lms5JBpknvjXGXgcHHvByKQx:zRELVzhXkAN8VZQLfh5JBpknvjXGXgcC

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2576, depth 1)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    Child processes (depth 2):
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4796)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92ff946f8,0x7ff92ff94708,0x7ff92ff94718
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1232)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1404)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
      • Suspicious behavior: EnumeratesProcesses
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2912)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2340)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2296)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2068)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3612)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2484)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2020)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2516)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
  • C:\Windows\System32\CompPkgSrv.exe (PID 4836, depth 1)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
  • C:\Windows\System32\CompPkgSrv.exe (PID 3636, depth 1)
    C:\Windows\System32\CompPkgSrv.exe -Embedding

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009 (23KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (120B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (192B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (168B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (1KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (7KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (203B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d889.TMP (203B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (10KB)
  • \??\pipe\LOCAL\crashpad_2576_LAEMOTVQGZZFHYUI (no size reported)