382528ae91ab91599be74f76a7af58aa9dfdc3c1df452de2ddb18954fefc1ba3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 08:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4524a9ab3bf4ad45920e4fc4c4205393_JaffaCakes118.html
Size

36KB
MD5

4524a9ab3bf4ad45920e4fc4c4205393
SHA1

80ff1902972318bdc1323c8b4a43c8b083e22688
SHA256

382528ae91ab91599be74f76a7af58aa9dfdc3c1df452de2ddb18954fefc1ba3
SHA512

f43d71e0e62be5c1c61ea6b0c2b2f1aaf15ac9bc64364215da72a2a558f31880957e630bfb7b3fdeddc665b7c1eec1acbec308060eefd08d2c0d3a62ad83b62b
SSDEEP

768:zwx/MDTH1d88hARqZPXBE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TyZO36u3l56lLR8:Q/nbJxNVFufSI/S8oK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3528	msedge.exe
3528	msedge.exe
2804	identity_helper.exe
2804	identity_helper.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 4892	3528	msedge.exe	83
PID 3528 wrote to memory of 4892	3528	msedge.exe	83
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3180	3528	msedge.exe	85
PID 3528 wrote to memory of 3516	3528	msedge.exe	86
PID 3528 wrote to memory of 3516	3528	msedge.exe	86
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87
PID 3528 wrote to memory of 2640	3528	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4524a9ab3bf4ad45920e4fc4c4205393_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b8ca46f8,0x7ff9b8ca4708,0x7ff9b8ca4718
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
614B

MD5
6d32c7cc1106b7856b57ee2b6e2d6947

SHA1
33c9679b5a65d89a2e9657c9c2432aaf73a8dc88

SHA256
d919563fcd1a7db37f8dbbc62a8afc408ffe3d827fcbb8cc1becdbf16aeec048

SHA512
5d11065ae2323ec8076b65fa8982edbc7f2377521874a67eb620d6c48321c757cbef282bfc1dd0a7a71c2d13fb5b5dc3d6710dae59231d83626405fc8d002463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
008fab5954a44a5c61d2280de5111d91

SHA1
85d9f7f9d798cfb4c8367bda9d3f98d9eb7e7031

SHA256
189d364e14fbc9f58160ae7432907779205bbc474e0156da0213ceb77f1ecb4d

SHA512
7d36ccf729fe3de57d2f892f0ab32f287623e5d42381e09eac21e94e94e92a46b09c43ee35cc31fadac97fd48b4037131f78ae64d0833827e60f12b96190367d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
019e9d9b1ce136f93a40fb905ebf62ac

SHA1
d290f03eba5d2cd6c11c4aa63778ec9638a889d4

SHA256
e7631011ffa27dbc197a83be01be2e38d9c1d3aca7b8ca9c19f527d1f103a37f

SHA512
43abe47c2a9bafa1a9627365fd3a3ef3ae841819579d3f15759981f57b468f5d121449141ee97f508c1aadb5668add309ee5f1e4592198a6a2660fec52f07f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
38f4c3be7839be55df6f0360b2e7b138

SHA1
6e388af66b0c12d0f3bbf48afd4e2d530eda4df7

SHA256
4694cfd3c97134672d0c8e8abb556e8316d8d0ba8b2be52003c7800951868e9e

SHA512
3df5b7b08e5c43529beac5333ae675bdbc52ad64efe7f3ab430f7e450b9ab04a01a65bbd1524533545800e99dc17106fe877f82a536e3e523113d7b05f0a69b1

Download Submit