caee6801f2cce35fff772b943a50499dc93cbc65efb251520d5bcc12d1ff1adb

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba559f49bcd81958b30255f5ae26bee1_JaffaCakes118.html
Size

103KB
MD5

ba559f49bcd81958b30255f5ae26bee1
SHA1

c437d4ebbdbe892e79ae98a89a83cf56286537d9
SHA256

caee6801f2cce35fff772b943a50499dc93cbc65efb251520d5bcc12d1ff1adb
SHA512

20dcdc8f33ee153c111382c76016efbb28330d6234fb39d2b76a77b1da524cf97dd85af1c79eb6569e54085727df442cc789d7f0d0d1235ccbe7941f10b4c7a3
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcCC/HAm0oLND/n8cZCl99zp:sqfRLmv

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2620	msedge.exe
2620	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2620	msedge.exe
2620	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 3868	2620	msedge.exe	86
PID 2620 wrote to memory of 3868	2620	msedge.exe	86
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2356	2620	msedge.exe	87
PID 2620 wrote to memory of 2996	2620	msedge.exe	88
PID 2620 wrote to memory of 2996	2620	msedge.exe	88
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89
PID 2620 wrote to memory of 1412	2620	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ba559f49bcd81958b30255f5ae26bee1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9023646f8,0x7ff902364708,0x7ff902364718
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13517811572651385908,6532667053849870363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13517811572651385908,6532667053849870363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13517811572651385908,6532667053849870363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13517811572651385908,6532667053849870363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13517811572651385908,6532667053849870363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13517811572651385908,6532667053849870363,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6e607343527545306e3ac9c5f8b00798

SHA1
47c250cd32faa402c30c926c7ba83d769f7ceaca

SHA256
8c8d02d2cbd8dc977c6b71c82a289a1f549672057486fbb2a430d73917b22af6

SHA512
b5f7121ce1a1edf8c87a56483fa99a9640539e879f245b10d2ae33711e8df7cd762ca9d581d88f211dda9bb0c35b4a4b9526aa710e796bdb4a4d6358c76e177d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03782d8b52a9bf9159dfed4412d43271

SHA1
0e296a019679dd991292f9eab544dfc4e6e1b234

SHA256
97ab20209ceffd2a4aa9b7938e65258e41d3a58368e0f817dfcbbe8ee0425245

SHA512
63db49cdc34f52bb4952fa4c0b0628b2f32b14d405b2b67c70a6301dddd2a87cccd1a24849acc3386789189f0e7bf284c6944bed7413217f413443c18a8229e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ff38d078-975b-4964-a8c6-d691a9392795.tmp

Filesize
10KB

MD5
16fc0f4a00b2cfb144218da681cb34b5

SHA1
bb9ebff4a4b58d6748d2392caae7d3a355c85dca

SHA256
bc7c8f00b19a343aca9d03b1af97eafb574f0e2ea89700bac016eff8f03ec6c4

SHA512
24bb3c9f82ec83fed01c93339fefea9c929b581eef24ca1f4373b35995b3eb59795872c36800aeb21ff9797186df362c8480162a0856f5e87603f3e28971288e

Download Submit