Analysis

  • max time kernel
    145s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-08-2024 02:09

General

  • Target

    c43112f561fc5bebd1407e8799ac6859_JaffaCakes118.html

  • Size

    194KB

  • MD5

    c43112f561fc5bebd1407e8799ac6859

  • SHA1

    5cb5bbf96b541f603a3f8b52e19f6e82424b2c24

  • SHA256

    7f23e7f4516b5c9ae034f3e193ceedadfd8d7423d4b585eb43bb91fa412dfa32

  • SHA512

    8f06e0fbd9c04f407644f02eb4d080177b22ed6f845e014dc30f3ae40dd43f91876bcce9bd05d9527960b6c2dc6ba7c00c0d9ef26190a53355e7ebd6b75f541e

  • SSDEEP

    3072:tbxjvG83mbGXmNJUB/UFTBsUg3E1b3iL9t:LNXmNJdAqb3iT

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c43112f561fc5bebd1407e8799ac6859_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a044718
      2⤵
      PID:1876
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
      2⤵
      PID:316
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2624
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
      2⤵
      PID:3948
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
      2⤵
      PID:208
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      2⤵
      PID:2208
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
      2⤵
      PID:4660
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
      2⤵
      PID:4012
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
      2⤵
      PID:2508
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3652
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
      2⤵
      PID:456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
      2⤵
      PID:768
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
      2⤵
      PID:4084
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
      2⤵
      PID:1404
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5856 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1032
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:640
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3840

Network

MITRE ATT&CK Enterprise v15

Downloads
