c96f77e27b995ba09354218dd59c4c66a832b56e4c44dc38b82d39e19bdb6b10

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6e763eff0de4874c300635c2d839d7b_JaffaCakes118.html
Size

39KB
MD5

a6e763eff0de4874c300635c2d839d7b
SHA1

4e5b1f38462c96dac4a8314bf7a4093305f32a42
SHA256

c96f77e27b995ba09354218dd59c4c66a832b56e4c44dc38b82d39e19bdb6b10
SHA512

014991474e5daca3f570721846e80ed1dbfb4f7c087849e9d399623107ee5595d8af6e894f115b82acdae04b3630a3ccb2cfd0a2e7463f070735ccda7e61511e
SSDEEP

768:i7TRkmtxUPu6l/rU2ACUztyihEPzdTiMUhtjM0DIM8RqrX8yQ3ET2PlVo6gRd1fB:i7Xqxmn6gRd1fh7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1840	msedge.exe
1840	msedge.exe
3316	identity_helper.exe
3316	identity_helper.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 2744	1840	msedge.exe	84
PID 1840 wrote to memory of 2744	1840	msedge.exe	84
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 3784	1840	msedge.exe	85
PID 1840 wrote to memory of 1360	1840	msedge.exe	86
PID 1840 wrote to memory of 1360	1840	msedge.exe	86
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87
PID 1840 wrote to memory of 4608	1840	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6e763eff0de4874c300635c2d839d7b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf51a46f8,0x7ffbf51a4708,0x7ffbf51a4718
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13295311845746865064,11823266820575276154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1320 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
44d9436640cf90e04d472c696a6934f7

SHA1
73b21f5ea8fbc3061b4e104821e5fe0522d435ff

SHA256
45456d0611665677f4d792f0140672f38277862a4bdf41e2fe5ad12f896cf4a9

SHA512
4fbed5156fa631f6dc1f2b8043437900281b7f8f77b697d243a6a2e5126b1a8aebd4fbfa30979988bbad64349da369d03f3f6f4aecaf16656c6790a6129d8e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5cb6b3f646f03c9e037cb147e8555582

SHA1
64ea12d56782593a6b4bdec441d966c9b9efd688

SHA256
9ec256b5caf0a69c63a20003a79f0cd543bd2633ee44534ae2e94b881e3201d4

SHA512
31c24e2f76f4d2c61bdef8a5ff23ff1dff831cf250c56442b22ac6d6289c50ccc555a9a0037372a66c019f3a16097fe5f16ed9fe718bb71a7bcaf63eae4ba84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
669f9282f50dd6efb921c4816259b022

SHA1
aae7fbaf8d50d75523e367eb6b48e4457734a83a

SHA256
41b2002cda40f2aa29a8ccc1eb63fffbe27d869db7551a58512a84f2641eea89

SHA512
ef55b525437a4f9c5a1fd3a47d505058340c96f13208aef980820a98069db4ad5ccea5612dd2fa6176de120cb52c5cd58e447228dbacddcfdbe2e4aa1af3c2b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6890ab20f0903becd7a2263c2684a44a

SHA1
6aee88d339d3f6caf1b700ec9e33835c9bd88ad1

SHA256
39c28d2bea6aa4db0653c4f29640536170614ebd89c9adc6642c0aa7e374bd09

SHA512
1ccb38f69c85f17c539a096daade5157e1748565be4acca3e6e9d20ab58138892db9ab082ba436cdf96ba6e23bd2412863e5aa3ed481b696ec81b0b9f2566b7b

Download Submit