67d3fa3ff6c03f5e2e28754a0af650cfa7dfcb6cde59fc83c6655b3327024521

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-08-2024 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0590417b296ab7b06875dc725f7cb32_JaffaCakes118.html
Size

111KB
MD5

a0590417b296ab7b06875dc725f7cb32
SHA1

80763b64cfbacd3cf7f5fc564414680c9c6b7bf9
SHA256

67d3fa3ff6c03f5e2e28754a0af650cfa7dfcb6cde59fc83c6655b3327024521
SHA512

b4cd3f3f26eb42b9b1cc09ecb197a4e5ea892ec152d5e90a5e7c901e26670d8ba631736f198d861d7b18819b17701df572e964a84440db0f769136817279f482
SSDEEP

3072:qhue8cWFS3aduUPLqtL8YOo3/vZuNPmBqdTHMFVN6:KlPa7egnopu3

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
4068	msedge.exe
4068	msedge.exe
4732	identity_helper.exe
4732	identity_helper.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 2352	4068	msedge.exe	84
PID 4068 wrote to memory of 2352	4068	msedge.exe	84
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 892	4068	msedge.exe	85
PID 4068 wrote to memory of 1220	4068	msedge.exe	86
PID 4068 wrote to memory of 1220	4068	msedge.exe	86
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87
PID 4068 wrote to memory of 1576	4068	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a0590417b296ab7b06875dc725f7cb32_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a044718
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,14479334675720904361,1190498392191071350,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
3b849975fade359f0e2d84f580b5121c

SHA1
cd020a9b3d02da31a05c9af27bfc1c4b1559a73b

SHA256
aab5c67684a0914003c6c1c1cd209830912286274a5dcdf392cdaf599944fd5d

SHA512
ff073a4e3b88a75295929cf744ca83f74e4652b72f7bf1d460084a07ac2a8b4c3419ee75fb195efb9c425b7fb3951b00627a97ea6daa30815f309b0eb0cb4c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7a28d5abffb95e6c625dd948afd59fbf

SHA1
adf3c2f73acdd74e511442c967914f93bf95844e

SHA256
6fd336789f1bb0c76f35ab083e4e7989e6d9853465cb3070aec78832ce3b926a

SHA512
38dee1136bcc4c7a409a171c89364c2758622356da5fe476e9e6384d77f36db4fdf7eea24d3166aff47f98a1265be9f008019d87ca48f1560bb9e69f5decd038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e25e25f31ff5bc9b8eeeaa211f7530b5

SHA1
9e77e89cc9c061fecb169377b306062eb24ef4d2

SHA256
3d2a5da9815e78cfa158fb32184f308955b696ef4d0a8c88f3a9880d6d80bd0c

SHA512
159cc57918dcffedd93754eb4c19af54e16c7b5969910d00132e4efe0ec7852d7474c0ab13e870caa7d8efc2f737652dffb2f24c0320aa25691c883ff4448970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2807931c4347979d8ba887d080017276

SHA1
bcf85c2217439aa068a88ddef82535bb641590e8

SHA256
f7a8e17b159d33aa9726dc0b124abeb775868c4859cc73ae83833a4aabccc740

SHA512
d3c2502469a30dd9eb44d92054dc7109cce4afcceba341662589cd09b8473b118b5d10bd18a506ee8dcd49c6bb412380bab82950b7fb0a5eaa2a56cc6a1ec877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9660f207e2520f73834c5a52a07788ed

SHA1
aaae203fa6e14a55fb9539c488b7b46ca68ab682

SHA256
06ee041d3600b129754cea989d681376c7f2d29271a874f13fab9ba5a498f34f

SHA512
3409ec61e5d7c2edf3a7c9ee9160bcdb6b8ff1f051c1f5423787d9360d881d066db094aef2987459c342eb219451163457a6abc40daf7b8780024f5d25361802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1c5a20d3eeb6e82ef188d193090a607a

SHA1
52ca103179bb07e7c84780db8c5ab3815f2fde92

SHA256
7ea0029c69ca06f0ad29a4005597416c84e07f53f762b39cb4a5111e108ad1e0

SHA512
41d4f933489a20a707cd8195101754095e52f60d048d4579e52d0f05f279fbfae0e458de1346f33932f7ec7ee17e570aecdbd16915f555a81cacf30be38a691c

Download Submit