04488fbdc2c70a7a5293db14f8d71e451d903471e14b48cd985ab9728de2f2f4

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf3b908ab53fc5ac94e0d638ef45533a_JaffaCakes118.html
Size

139KB
MD5

bf3b908ab53fc5ac94e0d638ef45533a
SHA1

bb8d490670ab207217ae8f0ae312c18a4d57acbe
SHA256

04488fbdc2c70a7a5293db14f8d71e451d903471e14b48cd985ab9728de2f2f4
SHA512

7d9b1e23b58593619f459a66d1be97fb534aa9103531b393a15765196e4496f16a3c8b470a9d490d01453583d6f6e76b442a3ae3f878c7529c55768c26d14e45
SSDEEP

3072:SsCBLQttEyfkMY+BES09JXAnyrZalI+YQ:SsC+sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
4308	msedge.exe
4308	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4308 wrote to memory of 4892	4308	msedge.exe	84
PID 4308 wrote to memory of 4892	4308	msedge.exe	84
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 752	4308	msedge.exe	85
PID 4308 wrote to memory of 2512	4308	msedge.exe	86
PID 4308 wrote to memory of 2512	4308	msedge.exe	86
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87
PID 4308 wrote to memory of 3984	4308	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bf3b908ab53fc5ac94e0d638ef45533a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffae1746f8,0x7fffae174708,0x7fffae174718
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6487978095838870953,15695571459071014626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6487978095838870953,15695571459071014626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6487978095838870953,15695571459071014626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6487978095838870953,15695571459071014626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6487978095838870953,15695571459071014626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6487978095838870953,15695571459071014626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
476B

MD5
2ca1e6c4c8e7a39e148741ed58ce1400

SHA1
5ff1238a9b290a00c6c503f667c3f1f69d2f5b32

SHA256
45e13b5bfe12a03c2a5e9217fd903f5895ca2b9c0668f0f5bdaa00106b782b7e

SHA512
9edfbba524a782302c8e603ffa15bdf2289d5ed1d5ca061ffecc9351d6c442cdf635684e5ca27b2bd4f1655537bf7967ec26bdc2f85be4e0494d83f82d1e60af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5db276485cbfcc03c1aff62bbf2fbf2e

SHA1
d1fa5e465222d43474a442b12b8870ea60e31a11

SHA256
8d94885b5e5cf16e2b049f4601ac18be333a3603a2e1af682536ce1573df5ca3

SHA512
a13e3fb5ba281dce803f7752db7bc6958d5f9b4fa0f3b863c75fb2963fad7866c628046e4505c25f8b7df1dc4a93ad587a3d69c10945a1dd5ff326f65c0c34fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9fcfef2-7e44-4c65-a5e6-d95dad31a8db.tmp

Filesize
5KB

MD5
56e3e3bd82e849b3f75daf0d8489a351

SHA1
e88f5792cb9432eeb057a2c79b7111bc1cece703

SHA256
0e66cb87dbeee98e40883a773bf11ede1346d545278ea5f628067aed7e578465

SHA512
2a6df4fb4012ae76ddb887edce023bb5ed7adb193e0151b7103f0c92ea06132b9f0b65efe4eb6aa26187375d4610a6657e2e6e6174fcaea205812b466d909c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fa406037d636e31b4caedbbf5aedfc91

SHA1
04029748a6d501c0d0746dbf9a91883d007311c8

SHA256
8da4a162a7944c21584327bb04be312cd2b576691f8b63e89d86d72e3a18e03a

SHA512
914e2b9d8495f52a2537bdfaef1aec79ddc6ad7b1ed41894c54f9c557e05453bcc686a6f4ae87f2af0b3a660cec53f4636f751fcabb963720be140af46a68b62

Download Submit