c154fa606eca873a1e9f231768aa2ad61ae1735fe0446d5dac8eb03b16abc377

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

853068fcfd9b2d6c0ee34e1c2ca41b1b_JaffaCakes118.html
Size

11KB
MD5

853068fcfd9b2d6c0ee34e1c2ca41b1b
SHA1

0b52206d020b1828f46c44c78d1e60ec5c7a0a0f
SHA256

c154fa606eca873a1e9f231768aa2ad61ae1735fe0446d5dac8eb03b16abc377
SHA512

c7aa5fbbf4ca9a21b3c9a34a9718d9c4e26725d96dcd19e919427746022448127d74fd6a2ff72864cc84ce123fa530a3c00f07167996d91977e374e8ae503358
SSDEEP

192:2VrlIsr032L8k/w1wvqLkZDBNknwdrPlT01amvLuBuLbdU8d:srlIcu2d/guDBNknwdrPlT0amzguLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
3424	msedge.exe
3424	msedge.exe
920	identity_helper.exe
920	identity_helper.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 3392	3424	msedge.exe	84
PID 3424 wrote to memory of 3392	3424	msedge.exe	84
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1132	3424	msedge.exe	85
PID 3424 wrote to memory of 1416	3424	msedge.exe	86
PID 3424 wrote to memory of 1416	3424	msedge.exe	86
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\853068fcfd9b2d6c0ee34e1c2ca41b1b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0a7546f8,0x7ffa0a754708,0x7ffa0a754718
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9282563696749550735,9818497917370115135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
db8b111bb69cbaa08c3d6d05a5f49e31

SHA1
a6f061052ac3c6e3aace39628c08c726e43261f2

SHA256
b0317000c74c84f57ad2af3c298225f46c4a607507284928f6a0eef6519d8ac9

SHA512
688a9127b30d7c7bad85440ed5f6d6295d471915fc2845bf682be8fac5de5ceae6c856a844c3dbfb02fc6eb163c66ebb1cffe98cf3a826e23cf467bf782d1585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9ae461089359b727005202f09f08bd9

SHA1
3d7013f719df52eae98642c57a03a4f44abec3e5

SHA256
8482379d08e515f791d251e7df49d6a057a033894889316f16adbb6520cfd036

SHA512
3bacc11e9d172f8f0ca1c4d988116796a039efc69749e00e9d8e1c6a1fd8a7187f83f88d827cb171b6f5832c614517be871c19a9b14a5f9faeda719059db222f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64348c9462c5538d7c8ee656b31cccd4

SHA1
a28507415e8071a2d7fd327d886936db30abfe42

SHA256
41684485241e6937b02517f40ee1dd6d57bc208ad6ffe9312c4d6c7bdd80b369

SHA512
a206bfd0deaa98c8607692a3c973bbed4eae71f94f1822b816b6e2ee8c631d1d8ac7040417a666c4d3a7589642eae73d339cd83df99af95eb4fcd5482750480e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eedea2510c3bdcb6b5a93de41bb2d506

SHA1
90958b9f8b88433ccf392b64b5f53c2db052beed

SHA256
41a717311a84f5363f6f5c1450e361229b6b2c024f57c4e66f2ca4c0d95e9d54

SHA512
21084c53c5b594401dcab36875c8c198689ed2cfdd22585aad1aa1d1214ef304b55db16b8144f4d65cd5e1de66c7c0f2910ccb20196535a506122d28f3010ae2

Download Submit