Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-08-2024 10:28

General

  • Target

    c6ac00e7e54bb6bc10de9e2d2d781dbc_JaffaCakes118.html

  • Size

    133KB

  • MD5

    c6ac00e7e54bb6bc10de9e2d2d781dbc

  • SHA1

    1233bc4ea2769ae2779d748d574bb458cdf63583

  • SHA256

    878a6db2cdbe4aeedc2c8192787550ac32f2ad15502ce6c528565827a96eee50

  • SHA512

    2f9aca940b48361170cb3629e9aea8cc433d0c81852d58ff623f971531d00ab14f722e981bc120e84b25ed7547510c3edff0bacc7063187c391d4220dd7ddf9e

  • SSDEEP

    1536:ALNCGEx04K8E6XqdqpIgHwOYJIojTIQBRKGfGAlhVZ+cw9qaH36xFo8qVjswlqT9:ALNWmKXqYGeoFo8qVjAbSzZm

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c6ac00e7e54bb6bc10de9e2d2d781dbc_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4160
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff8af5e46f8,0x7ff8af5e4708,0x7ff8af5e4718
      2⤵
        PID:3060
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
        2⤵
          PID:3696
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4984
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
          2⤵
            PID:1148
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
            2⤵
              PID:2340
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:3000
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
                2⤵
                  PID:632
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
                  2⤵
                    PID:3796
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                    2⤵
                      PID:1252
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
                      2⤵
                        PID:2452
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
                        2⤵
                          PID:1484
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 /prefetch:8
                          2⤵
                            PID:1184
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3932
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
                            2⤵
                              PID:1524
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
                              2⤵
                                PID:1504
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
                                2⤵
                                  PID:3604
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                                  2⤵
                                    PID:2284
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10905340174730803937,913546524740449336,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5664 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1484
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:736
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:1532

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      ab8ce148cb7d44f709fb1c460d03e1b0

                                      SHA1

                                      44d15744015155f3e74580c93317e12d2cc0f859

                                      SHA256

                                      014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

                                      SHA512

                                      f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      38f59a47b777f2fc52088e96ffb2baaf

                                      SHA1

                                      267224482588b41a96d813f6d9e9d924867062db

                                      SHA256

                                      13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

                                      SHA512

                                      4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      96B

                                      MD5

                                      a421ae905b3fd43135911248ae19412d

                                      SHA1

                                      815abb5d372c76f89d4aca141fcc27846a24625a

                                      SHA256

                                      912f08db747be78d8d919e836dfc082f48d9ad5a9cef56acdca7ff1050deb239

                                      SHA512

                                      6d19512124abeeb4cb25439d507e234fa2f5b25317876de969cc7ce88f44fceb136087a07e0d34ac6f8a2a0d8c98cec73e3f4414851292a585ce836743d16d55

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      c610d24e23e52230adef6f19da5885ec

                                      SHA1

                                      8116965032a76ebb1492780f5db1e35a8a491406

                                      SHA256

                                      d6927e92c9739afbe8af7de4f1828e202bedd02ecedc8625d9dc91ba9b998c01

                                      SHA512

                                      f3aea07e08108981faac998ee7c78cf1af7b05b26e61d61fbc2700ae7878ac70352ce819bc50c8941c21b3159419f7ebe821266bbd24081ff46dc5ec535fce92

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      7KB

                                      MD5

                                      b55ed0e1e95fb76bf7040bfbdb9f763e

                                      SHA1

                                      95baec6f2bf9e6b49b58adf940b581ea31f8e27e

                                      SHA256

                                      f42ebfb666866b0b549ec74682df3ba8f0005d81c85cc9ecae7d13b40a330b38

                                      SHA512

                                      c4b34726beb5ec831fc26c42f63ae2c54bc1022cfd5d2653c6bb1fa6a5433d794dec687f0854f79e78cefdf44a9ea44a0a9405fb93b92e860f96634755639b02

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      856983b4bc45a1d42f1a1de40a73ed52

                                      SHA1

                                      239bf8e9fb0acdbff880f7c6701f3c9f7b68cc56

                                      SHA256

                                      d238b9e5ae3bb113c96c458adb9ad97556200aeb623588c56569a345b12d7fd2

                                      SHA512

                                      746f943af67e1cc29bd12244d55fc04ccab776035ff8c9b88131206bc1326b8c6f10c88b918eb663abb55a4f90a9a6a27a51e8d24fc1cab045333f43f54da998

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      7KB

                                      MD5

                                      a4ae9762ae929919bc798e2a416f25cf

                                      SHA1

                                      7cfebcb2d5fb1d6e85123f9145ce786e78caf59d

                                      SHA256

                                      d3bca0ac164dbe6b9877c7e7065f03d94414bae2f4b70f1840b4b0e0d0bba84a

                                      SHA512

                                      3be29585dbc39dd46d7672d02f68f2bc2e2c88364c2770558b1903680044b9be2605282b902f4a2b0592636a834fbfe7db97c7fe80b8eb91ccef2f0479c66887

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      7KB

                                      MD5

                                      fceeb8b10fe14196b8fdd52ae383bd8e

                                      SHA1

                                      edc10a02bcb76635827851faabbd287e3309b399

                                      SHA256

                                      224a32c31f8ff93abb46fe52d236e46cdc73eefa17231bbfe0c00406171b7caa

                                      SHA512

                                      77928bcf196dc566a6a5c55f8126d36603a1c95c9dba1a819d7327fb056d2708a84c506d274194e24c264bb053570c4a88b6342fa945dce69f3f69cdeb421aaa

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      204B

                                      MD5

                                      e596da518f109f3836389f637fc44898

                                      SHA1

                                      8069067c1f1d26ccf2e5c87d89895d04227c545a

                                      SHA256

                                      ed0bd74dc1da2cf0dc8652322055fea4623c75606edeed857b6195e44819cbc7

                                      SHA512

                                      3879245381b8a51682d6ef2fc1fcbffc39793d4f75c09c28cb8c36d9dfcdfaa1d209458142cbee220db95d999ce3a6fa603df3f4642f73a47d32689bbc601326

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5802ca.TMP

                                      Filesize

                                      204B

                                      MD5

                                      dfa913e0928d3229211ba8e2d3344057

                                      SHA1

                                      9c6c5422722b0ec36b6d4015530874359aa80445

                                      SHA256

                                      945a92e597f4f56ad37c32990e3bba2e0d20bd7a00bbee650798eacf1d3750d0

                                      SHA512

                                      34633465be227bc821ace06017b818c6733875a736ce1c1ef62405ff4f6176cbec412921a6e9c010f949c9d5a7004c991670dfcea5ba81fb420ab58781056d95

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      10KB

                                      MD5

                                      c0cd901434ad6a8016b0875f8ecb6b46

                                      SHA1

                                      a11e62433f8d8991910fa6547c03babf8ad69547

                                      SHA256

                                      9005bb4c243ef0677c771fa6e316834d73c29b85b40a71cf586011cddb16058e

                                      SHA512

                                      339c984f797852ab5e4ff770437d97dfee75ab268b9c33e3d9bef4e8e9d52ce3d787bbaa048396a41685b1620f8ee0e760622f152e28d89c06148d2f5fc8e60a

                                    • \??\pipe\LOCAL\crashpad_4160_FLYKZBGWAIBZJIPQ

                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e