31950ce7e171fd422cbf8badc85c4063fe06fa7c2f0503f8d769468caf5de0ff

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 10:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

be5d2436780b5405c40560b9b72fcb04_JaffaCakes118.html
Size

62KB
MD5

be5d2436780b5405c40560b9b72fcb04
SHA1

f16a085f0c3973d753376e11b4fa7c78cb5026c4
SHA256

31950ce7e171fd422cbf8badc85c4063fe06fa7c2f0503f8d769468caf5de0ff
SHA512

e8c3b9dfdd46c96c351142019a3a2ff6dee388b2f4c3b87663600bc43e0d7287b3f5f5e2df128c5cc3fa5b00d42b885930731f4657dcdb296e156b51659e6714
SSDEEP

1536:fHaGqPMts8MjIPdhyerOePKz6cqWbHFV8P1SWvSArXcVV/oeIibQMhAmL6zNJbXG:fHaGc8MayerOOKz6+HFV8PHvSVbQMhAa

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
2444	msedge.exe
2444	msedge.exe
2528	identity_helper.exe
2528	identity_helper.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 4672	2444	msedge.exe	84
PID 2444 wrote to memory of 4672	2444	msedge.exe	84
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 1492	2444	msedge.exe	87
PID 2444 wrote to memory of 3084	2444	msedge.exe	88
PID 2444 wrote to memory of 3084	2444	msedge.exe	88
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89
PID 2444 wrote to memory of 2476	2444	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\be5d2436780b5405c40560b9b72fcb04_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ef2a46f8,0x7ff8ef2a4708,0x7ff8ef2a4718
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,4497900528663220583,12389842093889596745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
341B

MD5
fb4c73becdd3a14fe3b157e530c0ad02

SHA1
6f39c826c981cd902f4f1cb6e113cb57717db4d4

SHA256
4bab6338cdc45940c5cca6a31e6e45e881776e8e86ef4036de846c49d119fa0e

SHA512
ef02a61cecbef5b004a3bd5b65cf30199673aea57ef83c687bb228ac22255dd8e0c2b8246fe5f87d3f0157702d1f0a6d29a3e9f6ce1002623b18a6756650f39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c670acac7002225247340e009280847

SHA1
fd00378c9790a41f779b907608edaea8915d8b60

SHA256
5c148eea01426339cd5e35d73f39d705811edf83e75c65929b15681345256ced

SHA512
f301e82b2ecb9383349e7c4914d72e577bd4aad7e2d72f69d443ac60a8efe4d4bfe59f29ef80768f4e543de619f2a2f7bf19ba16bd3d761a50e528f90bd42124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a606ef624080010c94f8f73e34e9e34f

SHA1
7ae75a652d9f1770c44b37be9f2d8d5f35e913f2

SHA256
8b4ad5cd6e07017b2c6a5cb1ff81846bf88f1ad4c69adc4777901c181a9bd737

SHA512
6f91329b9a8f9806d2aa8d9f0a6031434a7536d42475ba830742541617ef962cfe331b1dc464193ac54b6e72354b3bb08085a7cd2de88a16a05d79d7f9895149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
aa0934ba66a897519588c82efaafafc0

SHA1
a0a454425c6823c651f2672bbb9a050c4f125288

SHA256
9fc9991401638bb945afcbb5ef3ed92ddd3c0c8c57d5dd3036a2f76166023e6b

SHA512
8ff9064a05eb64ce4d3cd05138bb8446839486726f3a1e931de30cec5c595a356779e9e41272ff0f8aee1601df64d4c2b006a4521fcd1529894b51d5121d9fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580460.TMP

Filesize
539B

MD5
f966ccf43a564c7aab264f7184db3074

SHA1
996fe575090bc5cbba9ee1e45c9060c0df3c8ddb

SHA256
6e23fe7c73a167da318d2cccde5375387fddab7e9fe4ffd6f9c59085ef8a0799

SHA512
f1a8c8319f21fd96d892502b5408dfa9274406fd1824199f80abddaa3381a14636369ffcdada2549bf1228945c7ae90ac2c3e97bc997442c430d79423f58076e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb3092875599444e4bca5401ba653f2a

SHA1
6b2a0ca9c72e8e50ed01d930eebd9b416adfa70b

SHA256
eb617c4063f7babbcf52bb7b8eecc88354a33194b21cfeec71c50579b054c295

SHA512
cbd2b1fe2bbfa48d3beb2ce75f8ba0c9c5453b9b4ed66e51d2e7f8d71889511d656af14e454dc4cb7cd8acd6d9d2b5816846e79427e25cf4045a534d9ea19f53

Download Submit