fdf45c3adb10bdbc8ff4f4940179017e8df8c1001c812cc42a3a3ea9f0b37d87

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2024 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba908fd21abd9ac8522a8aef9b0af653_JaffaCakes118.html
Size

54KB
MD5

ba908fd21abd9ac8522a8aef9b0af653
SHA1

390e36aaef7e381a85894a581c9d905ce6a06417
SHA256

fdf45c3adb10bdbc8ff4f4940179017e8df8c1001c812cc42a3a3ea9f0b37d87
SHA512

ef4d73644484fff35194643e1c4a30bba5090bc691e5698ae1b786376faf592e70633a8df46391543a0cb8e686c641b42aea9e854072e409da3831148ed9c5cf
SSDEEP

768:ZrTpHvvCIoo98aNvbfopla0MzYl4KqI/S+DiqZgVt:Z5Hv7oS8aNTfoplanUfS+Du

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
436	msedge.exe
436	msedge.exe
3884	identity_helper.exe
3884	identity_helper.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 652	436	msedge.exe	84
PID 436 wrote to memory of 652	436	msedge.exe	84
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 1500	436	msedge.exe	85
PID 436 wrote to memory of 5108	436	msedge.exe	86
PID 436 wrote to memory of 5108	436	msedge.exe	86
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87
PID 436 wrote to memory of 3216	436	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ba908fd21abd9ac8522a8aef9b0af653_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdeab346f8,0x7ffdeab34708,0x7ffdeab34718
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3060 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13854051333117705978,8958218291490778871,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b537c8b9f87b49a30c3ef9ac0ba57a96

SHA1
cf09d3adf16574450571b96008a68181f096ada1

SHA256
ae5240bdfdb591ad679610d7c412fb4f2db74d7e27e53e6ee656047c1751738a

SHA512
6200bf5495299dac7f77b1c1ef96aabf716c0edf637d6bd7c84e7395896b884f59f30fbdbc7eb09dbdf7740a79c93c98bddfbbbbb193edd62fd14fb4088a5873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
83cd6323e8033dce97f354f488a9e401

SHA1
28193251d6fbf89c9790b4d8072e3260c2602055

SHA256
c7f1c8e5898ba5cf09f34bbb8e0eb22e48ea8507591c34b52c8051359b95bfdd

SHA512
51d5b47c6f70173b3b372cf38ed4fae5e17ee383c32cbad5e93389c69dc292620ace52aae4a8de063ac61680f0a0dd81ba7aaafdae545602d6098bf0499f5e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
64d3591f061e73fde3665dadf0bf578e

SHA1
5f84bcf7d40f953637ef8cabb75c8d7c9d63beea

SHA256
d81ebfca08146e2b698ebfd9bc83b2b8c0680ed65f2426d05ff7d45af19e85d2

SHA512
2e5b7fb69d5915aa37aab61c4af2bb14422756d2302ba3cf00dccd741e6201e41b9fba0e9ecaffd6b0e4752484844d4df7b061f01d617d3089a5dfcbb1374aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef28696fdc0c0adf3aceb3473ef1aef0

SHA1
79b4d8bd01a0d7bef65f5addc195c12361ddc10f

SHA256
4dee732762de959e3f76e2f58f607aa4e79d819f422553c6e284dbda2bc9a91e

SHA512
09fa6c40deaf4af4b57b4a7590f6c85d7dbfe08085f6c5d86c76597190b475313c5318ccd525f74c1f455008e810ad96f0998d24a2fc781c8ffb5def8590b5b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa6796b52de846e663db6ce1f5f8240a

SHA1
a369e9b128dcc40b895e0c50385ce90c959cb3cb

SHA256
0a58ecb3376d3d732c395cea5f25888afd4a814dacfebdb2e8024a4c9175ea90

SHA512
d2ee26bef549ffa6203a12ce1fbb3a98ec0c5857bdd95e1114fb1c028a99d5350afc2591488baeacaa037efea93ae828365171b705d6fffca9fcd3c182f3c847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8a959b9346c2cf827ed2eea57ca6bae2

SHA1
06613789e12082a84fff68e8710d1fe101d13cd1

SHA256
030c3b6880c2dc4f3fa3715a9986120a5d2bdb12680c38eca16e8ebaea9cde6a

SHA512
b34b3841e260f8bd92ebb8b7b1bcb143b4bb345b5b68c8f6c875a67f5bb3941a83128e352ce7b5b32eabc9e83f336970aac59033e992e35f6a745afb02946eb1

Download Submit