7820615e2cddf39a52ce13ab55c5abc3a655c3628cb24a979084b618f742bc8d

Analysis

max time kernel
147s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86cfe1591c5d3bc6d614c79aca1ed144_JaffaCakes118.html
Size

81KB
MD5

86cfe1591c5d3bc6d614c79aca1ed144
SHA1

e1d20b95c06ddb6c8634a48fc2a9ee6208494fb5
SHA256

7820615e2cddf39a52ce13ab55c5abc3a655c3628cb24a979084b618f742bc8d
SHA512

eff8ab16ee79b3e899cdfc4a0280ff532fb9fea6ad972813b1bacc9cf71744715ffe4dc07a1b3e8764f302a0afb6ff0fe5170a6df0c44a6e99582d4e4f9f17b4
SSDEEP

1536:RIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7S21HR:H1Hl8WXk6Xkec7mTlHz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
3892	msedge.exe
3892	msedge.exe
4508	identity_helper.exe
4508	identity_helper.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3892 wrote to memory of 4964	3892	msedge.exe	84
PID 3892 wrote to memory of 4964	3892	msedge.exe	84
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1836	3892	msedge.exe	85
PID 3892 wrote to memory of 1912	3892	msedge.exe	86
PID 3892 wrote to memory of 1912	3892	msedge.exe	86
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87
PID 3892 wrote to memory of 3576	3892	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\86cfe1591c5d3bc6d614c79aca1ed144_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9ab746f8,0x7fff9ab74708,0x7fff9ab74718
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,17618983038688241752,17058516990641815512,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
381B

MD5
6746a3988f6ae58a02bf26d9e66b252e

SHA1
94d4561fe2768b2e17f6d114dc39ecfd94bf2c5e

SHA256
7b8c1f69547bdfe7a4183aa6c44a7c9150fa60cb4e7ec0e08eefe208bf99a8dd

SHA512
373defd1839ae47c93fff9bf81442cfbffc244df804c6af8c6348525c9621459eca3da547bed28a0bcc9bbd5944cd081058b858b31c78d68b476009efac13333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cad147eb60b0305e492b21d5393591f6

SHA1
2fea57eb56ef021a5980e011dc01b0c16cb62603

SHA256
2c68c22ca37afe397d725d8324473852378fa3f15cdb9cc5c3e4461c1a2917bc

SHA512
dec73c3fe3fb8e0f8506aed0abee5a49df217938c137c396333a3684f087184da37759d3ed922080b56e10087d471db0f21320591a7b784505763126b6ffdafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bae8dc10290f5ca66c12cf6c1476e73

SHA1
b2cd4c51ba05cf4572ca9cbaeb765933d444336c

SHA256
92c2570ff934e8b789ead4283252a075c2db874a9046eeb1a610cf642c4404e7

SHA512
f5aa293fe4f01262308d50e7b6c6783c344a5f434302c025015aeb7a3dc6028ee97a8a15fb3351316ff1ca7d2eb8f4be494af613d060d7f9ea159bc9219788c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1f58ff3200eae7cd06ad4749d3a8940

SHA1
1e95d17ae9d3f93fe9ef7f832c0b729060564e7f

SHA256
5f81fd16e59ab9bb8de2cc6b241cffa1f58f5fbf873336fc37e9f70b3df20337

SHA512
94a0a6cade7080865bde881e45103ac1795b4cba08e56ceda32dde673a738df61a33a1355b56c2a1a022f9b92399c487eeb8b9e8078a5b1db48d907639e06b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3d007ccf3a2a28c79eee31c3db34bd73

SHA1
a64a7a844b58a6f7005be961d34365636e1eba37

SHA256
65ac80ae623fca782cd375340a90ca5e546d7fad52507b90c0ff983e8f659e72

SHA512
35d5c0a35b47c5abdb1783c0711e961bb7f697263ce97c86a026c7aaf41b07f56c4cf27fd7f26e00527fdaca024c64a6daf430f3c2afa07035a73872e62b8c22

Download Submit