f9c39e8df004cde4b5dc174437b76aefbf577d4d80e5c0d20b7af31ea74d52af

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c900b724da3c8ddbc6a810b3c012661e_JaffaCakes118.html
Size

75KB
MD5

c900b724da3c8ddbc6a810b3c012661e
SHA1

c64f92aeabc04426f663ba31b8ee1a522fb3a2d9
SHA256

f9c39e8df004cde4b5dc174437b76aefbf577d4d80e5c0d20b7af31ea74d52af
SHA512

f7f913afb214a89cb464bb69f6629f1057ffc9094bd1422b78ba2b0a01c40f1e0fe2148e050ac51def5df26f3f704a0742cf00b88da66acea63eb7dedd998c4e
SSDEEP

768:h9+uuuLs9OG/J8mxZhcRCzA7iLrIb0BgB+enXki:h9+uuuLskWnxZhcRCzWWNBgB+enXki

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
556	msedge.exe
556	msedge.exe
1516	msedge.exe
1516	msedge.exe
4912	identity_helper.exe
4912	identity_helper.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 4252	556	msedge.exe	84
PID 556 wrote to memory of 4252	556	msedge.exe	84
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1556	556	msedge.exe	85
PID 556 wrote to memory of 1064	556	msedge.exe	86
PID 556 wrote to memory of 1064	556	msedge.exe	86
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87
PID 556 wrote to memory of 2616	556	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c900b724da3c8ddbc6a810b3c012661e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9c6946f8,0x7ffc9c694708,0x7ffc9c694718
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
497B

MD5
2ce123c1e02205b496b9b1955b17c69b

SHA1
22d7a616ad955eb404eac6ca5ff27319f3406fc1

SHA256
11f000dea7040c56c66d2b95ffe47b1b00a3a3ee246307abdca321f9998ed0b7

SHA512
844e8af24b3ed02d8555225a055d396c3ac4a0bd43a57db84b6a717b1b76241f84add1ad8d80d99f2780c6acdce5de710088ecf313f316ce5983816ec849d044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
326bb3ed3972087724ca71e2d50ce09b

SHA1
f17373170ee52c3ab4ee5cb776aaf918bb796ba5

SHA256
a78d3a22be7e522d33f99df44332d1a66e197c7b56fabe7a34cf6903ccc2207d

SHA512
10bf84da8551a5d488c4415c18bcbff4871a29b35f0092ce05ce968979d98d781ce03d4890e176037958981af565b066e10ffbdb3023c8fee3e418aea723c690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca7ce7ae93eff3e97fdcdc3ce15db098

SHA1
be7808df1266b09a022ade748265b3f33a071918

SHA256
8bdd8b7da6414d1eb803c7e6d6fe9204754b80a72c05a397c590f562dbf22616

SHA512
c6ec46923dc28812f4cd48e5fc9239e5fe2a8d77431f8f59c0e203a0e5566769a67a731cb9937bc7a29efc09a03d224ae0fde9ccd4b338e220584683ae36a58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c51b35eefd59acdc93b09e9808cc1c97

SHA1
21e50fdcd668d27ebfbdcc2f21c8d8ea115bc4a2

SHA256
1fb048771bd0329526f5a9e1be21d1f26708e72a4244c4e00e71a5ffc1f08839

SHA512
ef558a4411f8d231d9ae1849a670e051b30a56667010dd15fbd93de295fd76093a7e733133fb8fb7cec7c2d763f6cf473b28f243a1887a9bb6bd238878d354a6

Download Submit