Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-10-2024 14:53

General

  • Target

    407b284e3652d9294256e18ad54b9c2b_JaffaCakes118.html

  • Size

    110KB

  • MD5

    407b284e3652d9294256e18ad54b9c2b

  • SHA1

    b67f83523b222e44b41ba1979bd093527e911451

  • SHA256

    65a1cef4a0debaeea2203b4bc69b969030dd81f299dd93b8930cee206f90ae70

  • SHA512

    b820d4d5f2d509a68396d9d180006c32bda7381dae0e0cb7896e394c96e7eceaae15b3470991e69b96a70f8d944f0f7d549a0da256bae65f680c5d4865f1f8f3

  • SSDEEP

    1536:jos2mLqAqmdd4aujzuCvqAqmdd4aujzuCfzuziwEb:jIlu7uKzuz/Eb

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\407b284e3652d9294256e18ad54b9c2b_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:916
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd314146f8,0x7ffd31414708,0x7ffd31414718
      2⤵
      PID:1308
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
      2⤵
      PID:2384
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1172
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
      2⤵
      PID:1928
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      2⤵
      PID:4692
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      2⤵
      PID:856
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
      2⤵
      PID:3720
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
      2⤵
      PID:2808
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
      2⤵
      PID:3264
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
      2⤵
      PID:2668
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
      2⤵
      PID:4692
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
      2⤵
      PID:4592
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
      2⤵
      PID:4488
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1247240870461620016,1135673760231769413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1820
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4812
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1792

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: fab8d8d865e33fe195732aa7dcb91c30
    SHA1: 2637e832f38acc70af3e511f5eba80fbd7461f2c
    SHA256: 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
    SHA512: 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 36988ca14952e1848e81a959880ea217
    SHA1: a0482ef725657760502c2d1a5abe0bb37aebaadb
    SHA256: d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
    SHA512: d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
    Filesize: 16KB
    MD5: 9ede38f15c9b3d80559e164227fe0a8d
    SHA1: 5ce850ee7079180207ed4cb628e6f82c9099d744
    SHA256: 2273f3f1f72e790edd740d81b36b49a034604d4af590b9eb39e50f8f5a2b8f59
    SHA512: ce2697d1d1e02a4af2ecce75f34f7227269bd5d43a0f75401e7701c4b7e601791afdf95609921787aa09c2bde96edfdc4cbaa6a04362b90de7c1ebc4719769f6

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
    Filesize: 17KB
    MD5: 881ebb2b6ed8b3cf95854a5f058a9fab
    SHA1: 6c1545a2b33202689c55d5954cd8b0dffabb7f87
    SHA256: 0d141f7a51dd97fbad1c77685a582e0a41fa4529f5bcb293ffea1f8704febd6a
    SHA512: b001eb4c49687fa25c1efe803ef45dd820df9b88ff543b9c43c8fe2d7b2f3562fb1c52cae206e9a25a3f211862f273df147d77485b09592fb15936d6cb213aa6

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
    Filesize: 18KB
    MD5: 96f018909fa45c82c7ef023b34a6b1b6
    SHA1: 865fda67932e3c95284b9d1ac7d0e91b9d9b1384
    SHA256: 180ef932e5609b122d54eea30d85a2d4203937349195307562a39a0947456549
    SHA512: 402fbcea1f49089a752425d960e245e3c409cc525cbd19b9de7f7df88d99a0965161628a4633e0e741deb2b54fbb331ac9b248dd2035cd217db58771496dfeca

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 384B
    MD5: 974293d2ae8f30563cf81531a2d8a7b1
    SHA1: f151bf4904f8a6f3b6bbb1aab975ee6faffce470
    SHA256: e26c22aa8ec07bffea0b742c6f341cb1f92c2753f47e83af001f9ec7ba4622dc
    SHA512: 15a8a39fd95de445247471aea0657b35eaca1980cc2b84e3fdb28c2760ee7ab9d14246515872ef8b26d4c2a357113c309140820b8748c395ed16021f1c4afa82

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_devicebind.ebay.com_0.indexeddb.leveldb\CURRENT
    Filesize: 16B
    MD5: 46295cac801e5d4857d09837238a6394
    SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
    SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
    SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_devicebind.ebay.com_0.indexeddb.leveldb\MANIFEST-000001
    Filesize: 23B
    MD5: 3fd11ff447c1ee23538dc4d9724427a3
    SHA1: 1335e6f71cc4e3cf7025233523b4760f8893e9c9
    SHA256: 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
    SHA512: 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 639B
    MD5: 0ba4adbde2bf9f31348d5034c9e2a7d0
    SHA1: 0d6e1351e735dd4f0f993a374e638f05d8ff5f20
    SHA256: fd12ca68b740b00c34d599809b9e8a266e655307d849ec468166d4577ef2ed6e
    SHA512: bc5b8304b77714b3230aef32c144a589b4853e2ca6abae0bab2204137b5fe1272b3f3b77a2b994d525b0cfeebd6ec4ce20d5dad5ad8cb87b952dab601cf315d3

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 712B
    MD5: e7d382589e1a34e4b51f7f70a140f474
    SHA1: cdcae1ac25d295f80dbdf173ec738fc417e992a3
    SHA256: 4a9ec47c9556b7b2640c14e300b361a5ec274e795a1dba86cbb1a016baafb043
    SHA512: 94ff3c43a0f91d9f7db79dd68ff236ae7838a5bd6932d65936364d20a8fef914e666786c19a2ccd62e1b1b2464d0a660cfdeab0960189eaf8a516c6c669631df

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: e03467f70fca3522cad7cf3ba78a9d87
    SHA1: 752191f40c38b51a99a61d481e92fae6fafd9cb1
    SHA256: 30e250e6c7e3ef34c3b4b3315a0f85b4c3713d003a25b521be99eb5c7da1cc8d
    SHA512: a6b841f4f01f72863fc14a36dbfc208f16226d320df2c4ae65043fcee051f9779fe6b50c582354076fa065009cb8ef7d7949beb72b5917cc0ddd508f46d5df84

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 58b76d7814c03efafe738685ac305f70
    SHA1: 22e71ca65f0b314580ac426505ea4992dd8bb5f1
    SHA256: bf5a6cee012f81b6936e27d8c1e01b745556849c2a8fcc43dc21256688066d01
    SHA512: a1f3b3da6d090e5f1d7c74675af4153df2be656c81faa9df240e197cb03ebdcd297f8a13d6998ba41f00a39b6838aa626e0d79725d5c4585630be975fab000de

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 1KB
    MD5: 22c776a9fba88b19d7549a08150cf5d5
    SHA1: d4c49af5b8116f6b0b53c549d77cb5445d41c3c0
    SHA256: ef32eabc98aebc645b40fcb2750910d48165aed63fab382ac174631923502f97
    SHA512: df51145c3ed61fac209cd8fd8cf77b4456de5d068bd07494fd58d51203dbf8f36dee1ed6a9b74ba66e2e4f7a146fbb3e0a9290061f1fe0f45d1cd4f85a97ac6f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b4e4.TMP
    Filesize: 1KB
    MD5: 84a7d583f31d8ea0feb18adc34e905ce
    SHA1: 3ddec0e4b02ca8b5d05992f95321d56be943de5c
    SHA256: f83ead9546fb92f947b3945ff8dbd5c42407ef8c2e2bbc984dad5c739ec6b11e
    SHA512: 10e0c9f21fdc0fd965de81554b58f09d85a10124247af6e36aee3d494b0668c17d74995bdde88f771ce335e12a226a63fcdce5605806cdc92c9337a7592ea1fe

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 206702161f94c5cd39fadd03f4014d98
    SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
    SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
    SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: 6c2116cec0b7e9daf36cdff4ab93b419
    SHA1: 3dc1087e4b3af866e152494164a0076b4fcc7450
    SHA256: dd4dcdce6755a9218e7c9a6b9708eaab013a699f7b14e905862c88acdd4e3c08
    SHA512: 398ab37e1d47baa50e223356e8c40c66db76df50a6f146458be4edde2994350aef8016e2d0353385f5eafb72e0065ef618f7b52fe9e567c99571cb4777287659