741ef6ed919671c2a80765417b3b7c92d1dc1af9042ed2c2dce41ec276179745

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1a39789c45bd3d686ce1ad85ae8e238_JaffaCakes118.html
Size

75KB
MD5

b1a39789c45bd3d686ce1ad85ae8e238
SHA1

493b59b855c474e27a55cf2d6b05af9fc977d65e
SHA256

741ef6ed919671c2a80765417b3b7c92d1dc1af9042ed2c2dce41ec276179745
SHA512

28a203954582cc69a22f49dffb53fb5fbaead07f0030fccacc65a584d5a38861b7aaa593ffd0d50db782a136464e7223cb366ff011231d87c273291ada6cac07
SSDEEP

1536:7vNveV0WWUPNopx64+l0mwIn9rCX7CesIAsyBEMeXCaIvfOd:7NG5opt+l0jG9rCX7Ceis9jCNfOd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1812	msedge.exe
1812	msedge.exe
1416	msedge.exe
1416	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 4628	1416	msedge.exe	85
PID 1416 wrote to memory of 4628	1416	msedge.exe	85
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 224	1416	msedge.exe	86
PID 1416 wrote to memory of 1812	1416	msedge.exe	87
PID 1416 wrote to memory of 1812	1416	msedge.exe	87
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88
PID 1416 wrote to memory of 5008	1416	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b1a39789c45bd3d686ce1ad85ae8e238_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16900960363934438078,5143930659857915066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16900960363934438078,5143930659857915066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16900960363934438078,5143930659857915066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16900960363934438078,5143930659857915066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16900960363934438078,5143930659857915066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16900960363934438078,5143930659857915066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16900960363934438078,5143930659857915066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16900960363934438078,5143930659857915066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16900960363934438078,5143930659857915066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
21KB

MD5
c3a1bf5fbff5530f55ad9f9fa464f25c

SHA1
449a621b775cbe1d3ab69c54a0e18c0ccf6d6caa

SHA256
4ea6b3a39d794db93d1084770cc340272f8e5ffd5cd8d0c05c1f5841e5dc13e0

SHA512
75aa617b33be2eabe9f67166d14939d58abdb2396b9911dc7ba612130d2ba9adfc90a3cc9b6de4dd6cf8731c90f2ca74b7f9cfaf4a9d0bcbf90d03c907e45a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
135KB

MD5
cb98a2420cd89f7b7b25807f75543061

SHA1
b9bc2a7430debbe52bce03aa3c7916bedfd12e44

SHA256
bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4

SHA512
49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d1d0c2e184ab7d13544575b669dd1e88

SHA1
561bbe427006ff4d2b368049cfd299029cfd3b78

SHA256
99cd53a830f45a65ff1409e9efa09aa645f9605f194f5c11de35fd1d510e4796

SHA512
29323d375e773f9346eec4fa162ca2d6bafe28fd21226c58006e0de32632841043cbea9e09cc173b15f518728d1ad0828992aa36020b96d384ca8ada24bf6640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
348b2b78605c1276f5d6268b790ca84b

SHA1
2a51f21de2ca8d492ec096b445b97341240733c0

SHA256
949cbf3073dc8a4a71ebc3438d02a0836bdab70a8bf0981605ca17bd28f4f673

SHA512
a62b21655ecc918c5279601f58793e938e696b210d0f6d8ebd8cd72ac86c63e69db848968ff2d9758cdbbf7d3205ebfe13a3ee11952c9d15326a02746242dfe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a8c42fa4afd48c1fb1e1ff2508669b79

SHA1
46f4add7fca6cf88b0d77b1b32a5f3f2e808f406

SHA256
86e955c51dc496433056cf5fb8cc74382d386d852e84c2282f5c4a3a055350de

SHA512
c5dfba74e8dddb63b8f1974405ad420b0baac1632f16d5360fa9da483bc8170653f7b56e17fcf64f85732b4d5ee05a13c7d134e9dceaa65c728a40ae9244cf47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1120c6c6502ecd6a9507f0034a0541e7

SHA1
08c8a366d6f3b891ddbc60b323b2d56ebf20cb78

SHA256
5297d03bd54a7580922509386318ef08cb8db80c57381b8d96e6256f9102a868

SHA512
0ff4afdb6e0230a8ee37bdedc6d9ff5e27a7a09b1c4a4e00475b3dc78aaa3dc1f3b5678f56e6e0267130f51af18c2948d24c859e379c6f15e14c33d77f342170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2bc8f2ae5f8f95217a2e6064b15db8c

SHA1
8d9bce8dc31c3574613515b0dae2ca6edc94c460

SHA256
449e9288c07fa91f2475de2b932b6a7b977da93b489b58467832d649efff5ec4

SHA512
4855e3799fd610332c13793f28c778db84e728e2640d3f7c67626086839cde63333ba214bb7c33e6c8bb0eb9cc17da8005ff3551e5fe1acf513fa967f3924aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2101c6b1a028954681018e757fa9fd4

SHA1
67a23e07e6abdfeba96e3e9588c22010d3bdeb48

SHA256
14f2e731678f7250969aff67f47c2e02c8d346d4d392ac0fd229f2b65d8b64ba

SHA512
0d26d753b9b9f2c85ed7289f245ecf51da1eb1b9758ea24f9d77fe48e3947bb8e849383ec8d12f9e1aa49927dcc711e839261b6545b8ed6195f90bf07137785d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9ce4bfd559337333d4a5849b5513d88d

SHA1
791616f5374663fa923dfc95ba8bbac7e1556c6f

SHA256
e25c4a05a0d63400bbf59901af7180d921043ed1219912de6d64a65bc5a79176

SHA512
b82789df12fd24b18eb044b286b504c77fe9da3d81add7d0dbc35e4ccd555ebe816d868196642f126eb43c7415fd4d4bf54eafa5aaa6a0c0783eb5fb09df5ab5

Download Submit