Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09-10-2024 04:21
General
-
Target
2ab811bdf9218c36d3299a9efb9c4ff8_JaffaCakes118.html
-
Size
101KB
-
MD5
2ab811bdf9218c36d3299a9efb9c4ff8
-
SHA1
09fe6f768c782374c19f09c227d2b16ce29d0672
-
SHA256
298df980e861635f7623f81a43ffb3ed2432d8dcf00c9a1ecdef0d3772139c5a
-
SHA512
ccfcced9a2e9cb0098ab82bfdf1ac2f50e2779eb3241a9b10b3df7e95ca7495052783269e3f97349a12cc76dee6c4016ae1cca4ecba8ccaaba41d5e19eca6fb0
-
SSDEEP
1536:f9epBOXIl+qxx6Omw8ieQUR+kQ3pxI0gC7HeM+8m8oHtBOt:f9epBO6x6OmwZpxI0gia8m8oHtBY
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ab811bdf9218c36d3299a9efb9c4ff8_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb517b46f8,0x7ffb517b4708,0x7ffb517b47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5488 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5188 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5200 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11568874874544638816,14943751313585933872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d7cb450b1315c63b1d5d89d98ba22da5
SHA1694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA25638355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8
-
Filesize
152B
MD537f660dd4b6ddf23bc37f5c823d1c33a
SHA11c35538aa307a3e09d15519df6ace99674ae428b
SHA2564e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d
-
Filesize
23KB
MD52f24e0f5d2c2997a89fb4a8d943c141f
SHA199515bde1a5bf72105116ac902ccf3db1dd3df29
SHA25660c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf
SHA5120f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d
-
Filesize
144B
MD5ad3413819cf6bce8c640fe187d19f510
SHA1e91a859ac0789be257e40f163c8926933fb3f183
SHA256c89557df984e32ef9c7e0aabe7b970adc5a0135054a88367ede4adc0577b0888
SHA512bc5bcfb0947a08e573979d5157c6b0f91b79b309b787be0c0d599e67248559c2c8b47c20b408ab0bc886f6c554be56a251e17040adfec41c8d76b9bcdd94fdac
-
Filesize
120B
MD5c60dc02f15d77db16902010c60435d9c
SHA19f88a33fe1198830d28517db3453a476488d0433
SHA256cd0c4923c8e3822705c78c86d4f6cd8fbe084e3e1e3cdb78e8a5fe13b5d83f5a
SHA5122c7f36ed8256119de7fe7824e1843c0d54fbbebc908f2bf3562658cc772496569224a2077720d273f1027211ddd9faff28e682dd1e47895f7a75f6fc3f888454
-
Filesize
3KB
MD5c78a1a7de5d021500b43ed58be04c22f
SHA12daed0ac47b177026dd2956be440299ef00b1a8d
SHA256271cfed6d7c832f1b8a2521c5baa17acae7457f1c3141092e3ca00df8632b2e6
SHA512323fb5f5d237e3f7bec86a148de57305d97a82f2c9cdecf7d2a92d32991d970bf52edd86473dc0bc3a4813bd06783102540d1128f41842c5a7fc09a09d394eb0
-
Filesize
3KB
MD5732f2795fbc4850584311aad998a3d6a
SHA17ec96e8c4163e9232069dec68f6fe0dc66754dce
SHA25649b618b18b5a8e2f6abf8d3eeb2e48f79eac5e5bd7b2c5c9f4cf8a6a1b2600e5
SHA51298498938628f0e548c5af8557fc043eed91fb645bfa6946fb38cabbc8f0d0b277d664c09684290a18ac378f3add0079e77837fcf117c4f5df13bb8231c9ee38e
-
Filesize
8KB
MD5106a2a5785223a4681bc061781da0551
SHA108f8a12f2412a1f94b82df669fde227159feed0d
SHA256dcd14548ed51b6ed62dcb86af07a77ef874e9cc0592458de5feffbabc2f8907c
SHA512d3415d21babee0e26436c74f260e6d6455d1adaf6b7a70067423f9fc5c50986d43d60741889dcc94f1a0f0e341e6722504374f10b01df09293362fce636de7ba
-
Filesize
6KB
MD5a65471da018743e53ba93ad256bf97a0
SHA1bc48a9db30c1c1c1b36aa61e436025514ddaa4e8
SHA25655528eb60fa6b88dc7e9685a15a16d232fafb2a03d78cfedc7f999c3067991d2
SHA512bc60ea5af71215b5c5c0231c49c20225a4bbede0027e1886786eeb97b67759e066370eb96b6e87d441807819fae1aa6910c479460d53fc4278e8554529ca2f32
-
Filesize
7KB
MD5461f1ce36cdade464f009b53adfb39f8
SHA1630447bbaf0ee112f5597670318cb4ddf73c47c2
SHA256e0e4cfdaa44f5eeacc3e2ab27039e3c8e9c67b5b299335454c2cb3e8e5ed4add
SHA51273026b320e9cf0c6cc7cbe69ad06f7a00dee3788bd10d502460b14b78d8388fdf969d31121fe85ca9442d26c5108a0b8fd233cf3aac6cfeb8922706c7b1f1eac
-
Filesize
8KB
MD5c638155ab8c2023f0be363b102e28231
SHA187d4543a1f449a5d27a50bced3d3ec072fdc8a4a
SHA256329af0606c14ce7c7f07215726d0fdb107d5655e6d0d856543ad950c2ff02648
SHA5129a3c30d9c1977bf82c9c7c3b7dab206633a123887d7d4b93a20f80b5a952f50f091aeb579a74e97e71f42cdbcc21f358ecc20f1f977ecf222cc17f01f8cd5830
-
Filesize
1KB
MD5167640f941b61d4efc8e61c5f632f24a
SHA197f6d6268cdf5b2b4b49c8246ed1ff3db5b0c85d
SHA256135d58c494c706d7420731dc30b118fba26d6449fa6d865b88f12b2803c10ba9
SHA512ff33c8fec5d8f9aa5c6e26f6f2aeef06f3a4e3730caf1865832ac6351da6c83ae93d6651629003dac9e735bb01ce97afc55db299d2d6afb336fe1e91cc33c5ba
-
Filesize
1KB
MD57b7200eb4e23561b349222f07f75aa58
SHA14195ca77a7983f6d665be084df5d9b0331fdd4f4
SHA256f64c548a1f9b5ac58f5c9a009b8439ee6e528f35214669b568158fa9f3e8ac27
SHA512d7d42af8a9139a677f9ffd3143aba6a1d99b2b35294a09d19c20ec3831bcf4b84121778234dd1943f8411ffbd4cdcd1d8dcd134ac4b4a3731b42b7c514ffd496
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5fac981029ed64a63b9a5284dbb2f5265
SHA17df4f33f02ae7513360b04b6cfcbc7552be04780
SHA2560737fb8908804d48b295901ea6f5af4d33a4398aecd9fb4da08b65fbeefc7049
SHA512d76a00c8e7bce7c9543e6530a1be6ea545e64bc7f32893b35695e2e72953b2799d20a38030c47fc96be2e1dcbe485e15a3715e6d5a44fe37f6a8e7f11738a70f