bb3f51dd7360ec80700a4a8e0f2836bb1e7676120242719d5c42907ed7711df8

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 07:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cf09aef14627f103e97554807cf4c8e2_JaffaCakes118.html
Size

18KB
MD5

cf09aef14627f103e97554807cf4c8e2
SHA1

ca4b2da1a921d51b21c3aee6f3e1e4102ab373ac
SHA256

bb3f51dd7360ec80700a4a8e0f2836bb1e7676120242719d5c42907ed7711df8
SHA512

4685a5821f25c73e2e66315469042403bdac08cdab81196ecb797892f6dc0892648a923bc1fd48c70ae4a4cd40ba90b2ed4131debe9de1babdf6a0d02e010f8a
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIL4lzUnjBhnp82qDB8:SIMd0I5nvHtsvnCxDB8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
4456	msedge.exe
4456	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 3540	4456	msedge.exe	83
PID 4456 wrote to memory of 3540	4456	msedge.exe	83
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 1128	4456	msedge.exe	84
PID 4456 wrote to memory of 5004	4456	msedge.exe	85
PID 4456 wrote to memory of 5004	4456	msedge.exe	85
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86
PID 4456 wrote to memory of 1752	4456	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cf09aef14627f103e97554807cf4c8e2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe661546f8,0x7ffe66154708,0x7ffe66154718
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15104436764842132665,3489576041088997652,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15104436764842132665,3489576041088997652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,15104436764842132665,3489576041088997652,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15104436764842132665,3489576041088997652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15104436764842132665,3489576041088997652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15104436764842132665,3489576041088997652,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf9ea45bd88f221c356a84e80467ed5f

SHA1
19c76bae981352c68d3254b8af2d0a8f1750a352

SHA256
13620f28fd2f2701acea54e7d2826f6aa70822b7ee4a0770b561c08994516cc1

SHA512
1e2db2e4e7b05d2ad2e852a3457aadc90c8534c10b2321d644e32fce924a5080108ae637f54f3037671c2c33a52788f84022e1cb9a3216c2dd62f613b97a1a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d277762061982b64466ce7b68bf7304

SHA1
5c790f94cc7fcdc4549744c8c9c44ae82e37d0f1

SHA256
43bc9811dfaf6b9fce89bba85834cee56e4a498be90da8ac92c6900c57ac6735

SHA512
9b853d097a11cbb12897e8227f2c34c25ae4bd4593d89480b41d7a5036cfdf48c9dda510a6edc080f2b67514f7825d0551724a88fc7d7cf87ce63a72ab83bc65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c073bc438b8bf9366172b0ac341b92fa

SHA1
66427f3b461a400f779558347620b9c64ee25595

SHA256
a6c19680819f6fa9a36ab6598504f00053a233f959626115264aa4df0f72fd46

SHA512
3af544539222932c27e5b0e45a9d5dc365ca4a6dd9673fb3975046d2cdd220c0b1a3b4bb923e3d635e1c5d95c6baeca1ba6736b481474520a3ff2729a9f78143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9e3038e6aab73088e1d3e28472708f80

SHA1
192e1bb960d611993029eef3a5e50746a8c8fad1

SHA256
7b0225d6af42b119b9859002d514112ed0b9eda0f6931006dd5cd945ea232b61

SHA512
34510081a6c0be0b642f804fa435f3fe9671d9fd42b952b07edd14eee1f287f6ff24d2d53ca99c63094d83b08cdc0c491c4aa8312be266f625e9b8e73e7ece6b

Download Submit