154a96d1f3dc893b3890504c858e426671b5304c912f7ed877b2ff0ae6eeeb78

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 10:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3454850d62e38d79ff811f164e007ebd_JaffaCakes118.html
Size

3KB
MD5

3454850d62e38d79ff811f164e007ebd
SHA1

fbd4e2adce5986b6d8a15d4bf7d8e4d8ac5335f1
SHA256

154a96d1f3dc893b3890504c858e426671b5304c912f7ed877b2ff0ae6eeeb78
SHA512

f64219141c0952b1c783e4650226593cb2e78872732007383e9d71b80a4f9f6a9dbd25c63afb4403eb008b313ac72ee24435d34063142aea5fb6668d097a27f0

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
7	http://internet.e-mail

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
2436	msedge.exe
2436	msedge.exe
3920	identity_helper.exe
3920	identity_helper.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 1416	2436	msedge.exe	81
PID 2436 wrote to memory of 1416	2436	msedge.exe	81
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 5060	2436	msedge.exe	82
PID 2436 wrote to memory of 3644	2436	msedge.exe	83
PID 2436 wrote to memory of 3644	2436	msedge.exe	83
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84
PID 2436 wrote to memory of 464	2436	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3454850d62e38d79ff811f164e007ebd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf79246f8,0x7ffcf7924708,0x7ffcf7924718
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6760564559381708533,12701491554947502086,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ad2ea8453e12a1652a8217503c2298e7

SHA1
f2dacd5a89d9c21b4a7c1346651a26e769c199d6

SHA256
d5ad6dd888850a556939caae4c0dac2b82fa6df685ff934da901c0b330b6cb04

SHA512
e8ade52da4e5d5b2a19b9bb717be749650e1adbe9ce3b3ff903bbb53186943a6f9ce3e8280ef12ce533b5a8d2bb893262488b6de5ffca7008f57870a25ed8f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e76cf3148a68f32c8d5750d95ed8c38a

SHA1
b0e4a3b7beb3c8d14b7f671115740244b6b789b3

SHA256
823173697b0a77a0dd7aae5c959b631ec76619f3d4b0075d967364a00a236fac

SHA512
66f733695c502370feab0c4f36642132c363babe8797b6d8e42c88eded9b15367e8d85c13ecb896170f6d2c0da91a20be4c3e50e64fe0740f0a0f29495209cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6408fd5ca78ff1693188212fdc60c0cf

SHA1
dab349f7b77e46c2c257ce2027c459efe1f774cc

SHA256
d4d74dd12a6a75068a3c59e25613397c00d18f3ae82443f49edccda6bc50fe4c

SHA512
37b882488c3012c8878d76a789bfb57906ad0883fd0f143b994e58d5ea6c2db79d59b89b034417e023149695125c51a72f50363036cea3e3b42de0b335ef12f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c29f1e3fc9934f731e26b3dacc1d0f16

SHA1
0ef5bf2da71bc6e8497b15139ae1a6a9919abc8d

SHA256
932fe0ddd4f4b6692f996dfa3654bbfb579af572e03a8acd7e3527186bef511e

SHA512
8dcc96c7457680e31899afcfe17b8cc629b24fd4127eaf790c2675026ab1f0d1980a9ba3608df89df0e920ad8562c4364fcc69dfb76df3cb1f584beb0bf9eabd

Download Submit