Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-10-2024 14:52
General
-
Target
0b391f7d324c1a83009f5255d70658bc_JaffaCakes118.html
-
Size
293KB
-
MD5
0b391f7d324c1a83009f5255d70658bc
-
SHA1
463645bb38c2dd28cd28d6b0f8b148c3aa2fa11c
-
SHA256
bdf2929a3cc99fa36f467849e2e8d782359558ae20be1341427701261f9314a5
-
SHA512
9db6222451898c642d0514aa4f88d1a7e5680ce88340396c6cc404ac3ecbfddf75f3208cd7c05cc48511f73edbcf296f5b698ac2fc5da451b78b562b2d5f8964
-
SSDEEP
6144:SSXppaJqs5YT8PqndjPR0saTZe1OSLj2coNnRnvD+Gh0DMW+LQ/Qnlw9CnNpuN2p:TXppaJqsIj1OSLj2coNnRnvD+Gh0DMWg
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0b391f7d324c1a83009f5255d70658bc_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa198346f8,0x7ffa19834708,0x7ffa198347182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6960 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7568 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7568 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5984595329967478330,771149129287723636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x300 0x4641⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59e3fc58a8fb86c93d19e1500b873ef6f
SHA1c6aae5f4e26f5570db5e14bba8d5061867a33b56
SHA256828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
SHA512e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e
-
Filesize
152B
MD527304926d60324abe74d7a4b571c35ea
SHA178b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
SHA2567039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
SHA512f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd
-
Filesize
6KB
MD5170e5b56dca2b5cbca1be1017e20973b
SHA142fdf69beb7064d6ad3146e50fc267148a3676c4
SHA256afe0ef6901a390891c72389503141aa68fd97b292b368176b785d494ae358c91
SHA512d5642ad53dd0b99d540466332aea57d547154aaafbd2099268fedbe855328cb520ca290d3d676c4f6cf406fc8f59a4f1d5343afd0ea1d19e0c74a2fdb2094cf8
-
Filesize
21KB
MD5b71613e0375f6f211f4ab00cd6f4a404
SHA144d5d3cdb0557bf68883b7d945ca6b846b4b880a
SHA2568f02639c91d1a17251999479b0a614298b12dc90870206a3a23e16d643693818
SHA51224173076e0da8c96178272916362c380aef0156105786bff767f4555c95d148143dd16b06a8379db9c28ff00696499a0cc214cc0396683795ee8633a414bb064
-
Filesize
168B
MD5fce59b8b405282f0f8c415e494c8df1d
SHA1d9b5b809a584f949b3f70d93a928634dd1a86317
SHA25641fe92c5eeaaa145210c6e3d770628455a209f23026105725081837e6e605d88
SHA51216a74be78deeb240e2e6809ed4235d0a1afe7578ac713bb6c2979812769db5caf73684747a90ad80731eb17e9f6a92c963a845b5da637afb25808674a99685b1
-
Filesize
480B
MD5a704bc51ad6346b5f7d22705dafa3500
SHA1979383981aab740ef89da1ff3ed36b30fdec0ae0
SHA25673cde2119b2ccec1a21b1659ee7565cb611a712eb2b9a5fbe88b1d970ba56d86
SHA512f24d90c0059b8c4fae3524ec5059c0f7e5afc5254c75505557eda178e54787ca81f188607f55b49ffc7eb887d78d0866213cec7727ce6360d813cf56b998bdb6
-
Filesize
3KB
MD5465edc7948f63a2eac93781b3008c14e
SHA1ef16f5044ccada70b209952f34ff3c3d6403f88a
SHA256ce0f6e8bc3c37b12490589863f3d92b7b4f37c82e489acad0a6e92cd3f7fd4d4
SHA512b6d4f278ac06028109c1dde67e4e98d766ce8f886d17e8191fa31226fb0a24405b4fa9164b59a11fd378e5ff761f74e323e1148bf915469839f55f0a4ef811d5
-
Filesize
3KB
MD53c136ed913e09909fb71c9762679a8cc
SHA13a584f424cde885b829ee911b9d5506d4e291f27
SHA256bb600b28c309d21c6e569bb452decb0849ff895f256c4502102b0e2832478d31
SHA51206c6bdb0b0e202972bbac090c11e2a9dfaadfa4eaa54abf800ae01dc8c2aeff49ea5e51238396a21910af4e30ade89b62094834c09670c09121da3261ad5e1e1
-
Filesize
5KB
MD5e159168157dbb883a0e7cd2911994daf
SHA1521ed02d40a048436fdceaa3a7ca66422384f654
SHA256292f36c9b938534d3439ca07568c6bae6b6abc3a66676b97e887217758e31656
SHA5127dcc9f9c41a42ba2dc826f2ab8b358749c9550fe926b548868ab2581c00c055494a1b8af11f344fcf8ad8608184693d0daf44e25f76c8df72baeeb858cca0cba
-
Filesize
6KB
MD5933e693d25161a6eb1001d3d74120bb0
SHA182d73b2640744b4807e98b475e5296134289bdc3
SHA256d032f3eca25d9fff3de087cf4d00f387dae46d60e03d00c69e8d311ea79c5875
SHA51232851215f98b1dac545259550abfa59a536150bea2db0b8c0846f6881a4aead6845e7a2558eb2d55adf566d8532d4e2cc76dda8d1230ff7d034b7c54e62a52e9
-
Filesize
2KB
MD57023850bcdf17bfbe9a35974c6275d82
SHA17d41ccacbea8bc1c249f17595dde7f6fc66a935a
SHA25670c521a434162eb9dca828936a37f664118a4df96e59fb1788d2641e98c64491
SHA512ded258ba9c2eb5a8cdbd322ef68a966825f6da5985be2c767e5398a80d3464fa3f023dd01b3f7fdfb860fcdfbbb3d6a720012e32a5a8db8fc4a99fb717fc4a64
-
Filesize
706B
MD502b9bf25adb6ed8e4e04a154ae01cb32
SHA18bae27adda7f8bc7fa6d170de72085c98844d076
SHA256608ba60247c79e1ba32aea86fcdf1b0af49691655ec5b4f114db366661427e63
SHA512f385a34a05bc4664167ef5c4a776ffe14a383ec1228f7f6c21a37befc2cf02b7a87bd45c2661f9c99924fef0f1cce60e13887693a4421f114370190ad8e70a57
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD55053646e829935bdb89b12071f77a026
SHA105de8a418a7a215d53cb90857fe8395ddd1bfebe
SHA256ad27c7d9d18f74f55e94b8aa8cbf210d2aee8e79877fc8783777923966b7e1c0
SHA512ae4f716e3e4d8d9193ff201293a52dbbac99ae7e9f75380af1e756e04c87683f0378d4a0b60d37dc220fc31c90fd6286f5544f6d8ab6bb82a2638a35dbe0fc0e