Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2024 01:15

General

  • Target

    0835ad2ce6d19fbbe1b3e1261ad901df_JaffaCakes118.html

  • Size

    56KB

  • MD5

    0835ad2ce6d19fbbe1b3e1261ad901df

  • SHA1

    5ffeb972961ee457dfc139c213b9517f9041f768

  • SHA256

    c984a2ceeb3823abd562d0213eb25cf210d3086c53a20616c70d603d81f57152

  • SHA512

    7ed9681121fa26f59fcc4c92ca5c7c3bd2914870e026d245de9857be3e588bf7b76f9ddfd1aa021b684a5e0a45513e27c1d53df63a63fefb80e2b3232a54130f

  • SSDEEP

    1536:S95lfa5056gn2/FmIhBylwI/SK6/IRpU6CsbKvQ0gFnSB:S95lI9JIRpU1AKv1gm

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0835ad2ce6d19fbbe1b3e1261ad901df_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2464
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a044718
      2⤵
        PID:920
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
        2⤵
          PID:4636
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3468
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
          2⤵
            PID:2572
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
            2⤵
              PID:436
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
              2⤵
                PID:4036
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
                2⤵
                  PID:512
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
                  2⤵
                    PID:4736
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:816
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
                    2⤵
                      PID:3244
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                      2⤵
                        PID:3112
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
                        2⤵
                          PID:3960
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
                          2⤵
                            PID:4920
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7994467125027517668,2731091126490778664,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2316
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1696
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1196

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              e4f80e7950cbd3bb11257d2000cb885e

                              SHA1

                              10ac643904d539042d8f7aa4a312b13ec2106035

                              SHA256

                              1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

                              SHA512

                              2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              2dc1a9f2f3f8c3cfe51bb29b078166c5

                              SHA1

                              eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                              SHA256

                              dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                              SHA512

                              682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              72B

                              MD5

                              f65ee9f8b9b04efe8ae4a01da267ed85

                              SHA1

                              be8be9153f7925e90b9f774b99abdbcc6a032cf2

                              SHA256

                              f53639969437642c5a7fe08563676113e3fce5a852fb9e6849676765fbde1dd8

                              SHA512

                              f07b666ad2c0ef05cc72a4d00d6ef4f9b61395075bdb623fce0ea95a1bb17e786a1b3949d2cae9a802bc0520b1f5e4907774f8e846fb365090937f346729b196

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              672B

                              MD5

                              3b8a17a05113f0f4da2c3a9e073e0f2e

                              SHA1

                              f9f3159e64f52859bbe2f2d62dd9fb4c9c245525

                              SHA256

                              0421c1985b494dbb4d5b182d5bc66193982c6393f69b85cd15d2b4d7fc944c83

                              SHA512

                              1bb996d5235d504008947c1073e6520fbfbb53daca0c95c9983aaaa2f62a0a2cd8be0e317519cb76e5cdbef05aec13f5857361d3792c1beaf5a7e18f1d0b31e2

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              5KB

                              MD5

                              68404a1b493a84a4f6e2cffb3313f197

                              SHA1

                              6088f5f59398647c04bd2c44f141fd020a046ab4

                              SHA256

                              94cc446908eeba80821fe31362538916e6c11aa84eb8aa46ba5ad5c163babf43

                              SHA512

                              039bc5cbcdb9168e629e39d088f6dcbdd07090e69c5a59483b59fe964619757051de627775c3ea0e9ac0ea9abac0060f227d8d543d303283042087c814147858

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              abfff48eaea445b23b82e8bab6cdbf82

                              SHA1

                              5c16cec179b0cd0e0fde85389acceed8593ea611

                              SHA256

                              5a49030924068e8fd2c507bf162358213db989579f4fe1c8616dfa23f218dbf7

                              SHA512

                              ad6edd744a367fdb1dad292a4d7c3f5d8b7b5742e7f60ed8a437ead9ca022072d202fac6a9da47038e41a40830ec2191d9e78d1cdb24455f2c9072ae327882f6

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              10KB

                              MD5

                              b79ec29cd1ee3a9b47c33dd7dfa7e028

                              SHA1

                              0ca18a81a1bdb4df25eb23d28cbdf557a67f2cc6

                              SHA256

                              ee2d3895e565ee421005770cbbd6b5fef76268e22b2f66fe5b8cbc61ba7cba66

                              SHA512

                              9b850dfbc8c885ad1ec08625af028fe855ae92fd4922eb8fd1bc5e3bdc9ff0738e1abe909dbf301ec31ca132989905eec81326fdd18c3196e797630fc3f72e7a