18f08c8f48dcba6035961f6a9e943fa9b6fe2584cd2bb0ea242cbd324e2b3a8e

Analysis

max time kernel
145s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 08:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa3656b0852c0c7aeb6042f0d62b601d_JaffaCakes118.html
Size

53KB
MD5

aa3656b0852c0c7aeb6042f0d62b601d
SHA1

23a148cd98dc0136b54ff5c6c2cb7a9224e12968
SHA256

18f08c8f48dcba6035961f6a9e943fa9b6fe2584cd2bb0ea242cbd324e2b3a8e
SHA512

ae1441bed27c598b9beffa4cc2254ef6756afb37d646a5f60c515945e538871964358d811204ebb25574f35e9eb7df5d84c743d1e1db885967238754b15ea28f
SSDEEP

1536:CkgUiIakTqGivi+PyUSrunlYe63Nj+q5VyvR0w2AzTICbbSoz/t9M/dNwIUEDmD7:CkgUiIakTqGivi+PyUSrunlYe63Nj+qy

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3364	msedge.exe
3364	msedge.exe
3824	identity_helper.exe
3824	identity_helper.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 952	3364	msedge.exe	83
PID 3364 wrote to memory of 952	3364	msedge.exe	83
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 5080	3364	msedge.exe	84
PID 3364 wrote to memory of 3700	3364	msedge.exe	85
PID 3364 wrote to memory of 3700	3364	msedge.exe	85
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86
PID 3364 wrote to memory of 3976	3364	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa3656b0852c0c7aeb6042f0d62b601d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae86e46f8,0x7ffae86e4708,0x7ffae86e4718
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10158998291285248326,6987880848039094305,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53eadca7e43c84e37dc45f35317daab3

SHA1
b66cd4dfa0499bb617204fd470f418868f4ac52a

SHA256
60284a0eb50b11536f43812b0613ed30de66a8f2a3eb6e0773d03f32954f5700

SHA512
b16ea2bdf8b3b6cbaa86f873d8a10a4246ab2d7e3b1d31b37566092eaabe35dfe28c42a97900757b0f8f415a98f1fae337f8ce2fc2c7bb21351ae0fe7f546b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1341ab8cf782c220b4da83aab40a72dc

SHA1
7aaec547ad3382794e82a9a11e7f6cabebc50dc8

SHA256
a12e2ba579064228753e3ba6a90be092e05598ff2ef7e8f731c18dbf6b66c9b7

SHA512
d65777b5339251b29ed0a5c8eba8a2782f7797bd6a7005382400aa26e45dc514572757fa0da57898e550e1c653e5a659e3fa859709e8aeac1e04283fe46aaab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ce34f873bc520663d4bffdb308c215c

SHA1
17f7182d8e105b0b78d18b201634f6e7ce0a5d3a

SHA256
718999b45873d10eb1920530755b9a2f458860d24b47fdd498faba784708f0d5

SHA512
4a9f3afbf7b276674d4eb1aa35c4c51072373b53607b4f62d72570a82e86d1906aa0e4a79b08dd000c7a1b39daf6df26dab23da11186ec84f42f5897479b2ad1

Download Submit