4139dcb1b94b9d2a2d87e1fd812919c647f50a3f46746b1e422be6192563cff6

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82d00cd26c2a829582c74231f1c29e3e_JaffaCakes118.html
Size

53KB
MD5

82d00cd26c2a829582c74231f1c29e3e
SHA1

ea1d70f7c47b16a90d5a34b4756c65ac6b3dacf3
SHA256

4139dcb1b94b9d2a2d87e1fd812919c647f50a3f46746b1e422be6192563cff6
SHA512

56541195fcc9cd042bcd962d12cc04107e82d4a816e0772ce981dc94c05cd9be04d104d4d0cece337f5c24111ab0ef124db9e6e224e0a47abdfbd3fa83d5ec25
SSDEEP

1536:CkgUiIakTqGivi+PyUarunlYZ63Nj+q5VyvR0w2AzTICbbkoO/t9M/dNwIUTDmDu:CkgUiIakTqGivi+PyUarunlYZ63Nj+qf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
1568	msedge.exe
1568	msedge.exe
3484	identity_helper.exe
3484	identity_helper.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 2932	1568	msedge.exe	83
PID 1568 wrote to memory of 2932	1568	msedge.exe	83
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 2164	1568	msedge.exe	84
PID 1568 wrote to memory of 3024	1568	msedge.exe	85
PID 1568 wrote to memory of 3024	1568	msedge.exe	85
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87
PID 1568 wrote to memory of 1868	1568	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82d00cd26c2a829582c74231f1c29e3e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe25ac46f8,0x7ffe25ac4708,0x7ffe25ac4718
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16583861972179348471,8013550637900708643,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
336e632142966bb5b1555731fdae58b9

SHA1
df21896206cb41e55caef4082b8d402435de5389

SHA256
bf03fb88aee2f97c7757c4d05b84f3873ba82c16de2a537679f521bb42d2a3d8

SHA512
f7cc58005811b16b1842307d473d379a0444269936ab2c0bbd58d827ad5383e0400e2a7e863f59215412a2f84924b1f8758b155b1b7eb83d045d1b6883c92173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dd3fc896ff3b0d6ebf2ed72827fd3aa3

SHA1
8c8a9bcb355d3fddca81c5a0b7c85a094fbe9b5f

SHA256
7d083e4431e3faf959c6c5f74d0319e5c7b199407b6a36c7adc980376e6da72e

SHA512
5950639d09cd39676d2277efd11e4e21fcb6431cd67f7f2ba900def9d25fc4d56015ae2a0e32fa9f599e71f1ffd0f1b3981c57a30d73095915f975e783633619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
67853e9ac11fce98598f30df0285eeea

SHA1
d4439fca9f00b44535b7aba832383284910ffbee

SHA256
a8da4432f7b38cd1ed96ff9c51afb051e40ffd4dd22bd8d445efb6c5ee1e6145

SHA512
39268e7de07ee19534ffb049d8dbc4ed99ecb2fa255ef3b8f5122366c1f16eb87ed1e3af1b575e312c08a56aadae73db70f5de1ccb2966097066b9b79110ecf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5973c2b1546aab6c2443b1ddf5242a18

SHA1
f596c59c30cfe78f0597e84bed7ec151c36b9a1a

SHA256
4b30d315f1f8e80b16517761032354b17229e50b126b943246412c83d01f9403

SHA512
7e8e005bc8f661a6ef412c36d4d2ec5899e96434c1797e369404d9f8e00108da72df4bb28ea5c0e5df179d05cc59ad3c1c6c00ed194a7b94416ad0679e9cb43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4adfc78a6e3e284b5a9198b0836e74b

SHA1
c3c1cf3cd6418921fd50f4a1dd57d583371f60a8

SHA256
2d4a092e9017adba08a3b1af993f3c2d9c108cd749d1bee96d4a5534bca82437

SHA512
149f82773d4b9b34f7b4aa98b537e328e0c68afc958b47bd5102886d9653ed6c592a3d3b109f676684ad9a14fda8e0b9eeea007419b68e74f08c561560c24149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f43fa1ac15d60e9c8bae3f146f9a4c97

SHA1
d9ab4141af7f24893983e9600acdaea19fc117c4

SHA256
5cb6323b867c5456943e8ec6f626ad1cd17e594db7aa464f50c36544b34ae15f

SHA512
00fbbe18529e3e912682080c8d78bed96b6ff68bf71f8037c0f95cd93acae2c80209107f5813d0e0b8a1b61c808a3eead561767d036266bc3c7f566ec3ca1bd6

Download Submit