Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-08-2024 09:45

General

  • Target

    c2be73a4f95f55f8a6f9fef206b3d64b_JaffaCakes118.html

  • Size

    156KB

  • MD5

    c2be73a4f95f55f8a6f9fef206b3d64b

  • SHA1

    cdb8d47bb2bb31c3fa4182608d111e99912cc1c0

  • SHA256

    f3aa57e02f7cc007be102d7245d2f268a04ae186a579992a4e0cf311a984d55e

  • SHA512

    7a17bf6c64899ba5477b264be4f8d9aa76568d43f81636bbeed984192bd2c2db96e9ba52076e69107c37520b161a3b6f188c929cca89d4ce35dd6d4d323c2c8d

  • SSDEEP

    1536:M9tIvOBO4y6VxM5iUejbVOeyE5ZO1pSZmPe2SQyQt9I53lJdD:M9tIWxVqcUD1pSZayQt9I53lJdD

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2be73a4f95f55f8a6f9fef206b3d64b_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd99e846f8,0x7ffd99e84708,0x7ffd99e84718
      2⤵
      PID:2852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      2⤵
      PID:4504
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1156
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
      2⤵
      PID:1376
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      2⤵
      PID:4872
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      2⤵
      PID:508
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
      2⤵
      PID:2824
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      2⤵
      PID:4252
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
      2⤵
      PID:4928
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2792
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2160
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:628

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize
    152B
    MD5
    f9664c896e19205022c094d725f820b6
    SHA1
    f8f1baf648df755ba64b412d512446baf88c0184
    SHA256
    7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
    SHA512
    3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize
    152B
    MD5
    847d47008dbea51cb1732d54861ba9c9
    SHA1
    f2099242027dccb88d6f05760b57f7c89d926c0d
    SHA256
    10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
    SHA512
    bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
    Filesize
    67KB
    MD5
    b4b711f3e747704ffe02b49791ce8cac
    SHA1
    ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89
    SHA256
    f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1
    SHA512
    b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
    Filesize
    21KB
    MD5
    c3a1bf5fbff5530f55ad9f9fa464f25c
    SHA1
    449a621b775cbe1d3ab69c54a0e18c0ccf6d6caa
    SHA256
    4ea6b3a39d794db93d1084770cc340272f8e5ffd5cd8d0c05c1f5841e5dc13e0
    SHA512
    75aa617b33be2eabe9f67166d14939d58abdb2396b9911dc7ba612130d2ba9adfc90a3cc9b6de4dd6cf8731c90f2ca74b7f9cfaf4a9d0bcbf90d03c907e45a54

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    264B
    MD5
    1887a40af4f0bcdc50d0e1d2d9599001
    SHA1
    0e81ea0e1f3c549270bce74837646b7f233042bd
    SHA256
    8b1177a5bd70e3cbb9f0d28dd52022c3f96570c4c5e626283742d15b369bc217
    SHA512
    55b6b8140335e05b2854d426e3e8c3dd8f00fdd1d5bf7e4797ca8b731c0bce48211a265902d01c28aa24abaaa6e2fee864a2817567badc93714ddddbf01b9f5d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    384B
    MD5
    7045d9a9779408b0863d0c8262880266
    SHA1
    fde80fc60b6d77345891e9a8e1a6071417ce6efc
    SHA256
    250ca9672f6d7c73f15f8577462449c6fc1cf3b7d727aacdebe7da4f49a5875a
    SHA512
    7829bcccbbbae81d5f9960326b3bdd87859dcbfacbdd18e3b14a46813c3844e12f278dbf7981c16f40ad2632407e5287fa7f83ef9dc6754d996d4b86249f1ff0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    408B
    MD5
    1622528d24358772983faea01246d090
    SHA1
    4d6b3966eb21dde7994b4e5062692f171c3efe7b
    SHA256
    9365c97e79cb143f205bc509be7410643be7097eefe29d5e905f4f52c357bff4
    SHA512
    a9cd0d49440794757826f9113ac7f1fd98d986548292134f5b0ec76f59144a55de71a6cbf741a4c609035957cfa411c6e3eab4bc7e8e02b9876e3a35f581101c

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize
    3KB
    MD5
    21bde408fcd6f7f8179184d7f9532027
    SHA1
    3d8957e0a53d17ce9e463c7718270fbabc8f6dfa
    SHA256
    61f039e97fe2b413664dd857f2484c4f67d9589277361c0b453a69eddd4b4884
    SHA512
    9bf7745b9a737ed622e1bcfd67fb2262e30d638da94277fcabd3b18d0dff1fa4c5213f76fa79a2c79fdcc710f3485c3fdb53c5150aa5e59ec37d7c4790fa90b8

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize
    7KB
    MD5
    bc32aed5dff256be76dd3945f996c693
    SHA1
    f2aec75b5199db50abcedf1569d7213361bf9d2e
    SHA256
    3298f5a302722df3677d811c74206878af30b56dc31a2ce0cf80b4cfbf8b0564
    SHA512
    00c56b495ca862e7be9beeb6616b2aaef4e50345f6c28a9eba5e28c6948cc30b8b05bcc01dce94e9fdb60a5220c43045ee31d3346b2d0ce51c7809d6dc55b500

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize
    6KB
    MD5
    1378638a44cd82d525e1ebd9250524da
    SHA1
    cc357a63bf38c57a691b3faf6bfd760930f3185d
    SHA256
    c32e7dcb2d65eccc427cfcac9c11dc0dd219d8211ed0c2a53971f37d00fc684e
    SHA512
    c95d9a424a2241b757fed9bc8531c91c19a7682248de9f277a6c555a8cd182948144cfd58cc96b900c9b1d63d5ed0f2849cb9278097afcb1dd32f9a62554de04

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize
    869B
    MD5
    36381f28abfef1c10b708c80f586030c
    SHA1
    697d2bd1b9a0fa65adf5b64a25c23de53d5959cf
    SHA256
    d2188da648cbf665ab3094edabb12dd43db35518a8465f93fef1d675b7ecef03
    SHA512
    ad8c0be0214f39e7cab00a56035521594558c094e06f2a80aa9b0931191b6d8edaf4aa435c50320b5709120aed5699a2c5bf87a3feedfaf3163173d91dd238cf

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582d16.TMP
    Filesize
    370B
    MD5
    0581e76c61111bb2e95ca89be7e7163b
    SHA1
    e6af8027a46f39f77bf2afd9a8943ff22fdce5ee
    SHA256
    5aeda19c86cb79521196bbad073822afe18b276a89f55587d644f6d12bd302c7
    SHA512
    6efef5f010afb932c5af9163d2d76816a402dfb43206541f228eff7a59d8f9400be68af2471a4a040aee65a195ab802b7e218208c8b3d98af06536cc0c2abaca

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ac56d401-6be1-4aef-bcf0-ad14e67bbb6b.tmp
    Filesize
    5KB
    MD5
    2ebaf8f991045e4654a0bd10a626bbcb
    SHA1
    6173815ca25a59cf216bc00a8edd44a914f858de
    SHA256
    a8c3cf1545e27807e7c4583b315e0fbbfe292d183b69005590cd33fa85de046f
    SHA512
    4f6e124414f0e4f014b9d1648160b7c8c17fb4ff2abc777f00c03ce8d22e12a84fd5d3c5aef81ff1a1444f5a5ea1d09d6e495362a4fad68f043c1c8d2e0efb85

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize
    10KB
    MD5
    e3e031b53a6f50a0738233e06b147129
    SHA1
    5720b114775d725e0a09adf707208d37109e4160
    SHA256
    df35a2628f0bef4f4389cd2b24b2d48f6b9175825c88db082c8ef8d241a7626b
    SHA512
    243c03df2aa2434cd575236dd5f3fc9fd28fa465cc5ab5592fe5f7c1508c9310432e68ff56de14a959a9e95badbc42d328d141af10787189c194661652a5546e

  • \??\pipe\LOCAL\crashpad_3064_XEQPVFQQCGWKSGVY
    MD5
    d41d8cd98f00b204e9800998ecf8427e
    SHA1
    da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512
    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e