0b514a3a55e673f2c4f182075d72194bb73f01b4a03481ccffb8cfb85a6faa47

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 10:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cf583acfa7b5a7f431ceec88e93fa4eb_JaffaCakes118.html
Size

66KB
MD5

cf583acfa7b5a7f431ceec88e93fa4eb
SHA1

bc6f1ecb1134552072336fde5b9c862b930d80dd
SHA256

0b514a3a55e673f2c4f182075d72194bb73f01b4a03481ccffb8cfb85a6faa47
SHA512

2f699dc8050d7e287b4f6dc4ac0d22accbf7c91d3565359f075cc324df144adf0a7d9f86bb4d8fea65c4dd0bfd351c3d5bc0334d814fbe9550c6d78adeb3c319
SSDEEP

768:yr8gOriWNcaSoEjCmqKlWEkmifrhwv6lHA+sa/xOZWltic2SFCmAeH:YljCMdidwv62b6tiY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
1660	msedge.exe
1660	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 4952	1660	msedge.exe	83
PID 1660 wrote to memory of 4952	1660	msedge.exe	83
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 3940	1660	msedge.exe	84
PID 1660 wrote to memory of 4396	1660	msedge.exe	85
PID 1660 wrote to memory of 4396	1660	msedge.exe	85
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86
PID 1660 wrote to memory of 2272	1660	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cf583acfa7b5a7f431ceec88e93fa4eb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ada746f8,0x7ff9ada74708,0x7ff9ada74718
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17635910137466899524,15672080749011813719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17635910137466899524,15672080749011813719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17635910137466899524,15672080749011813719,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17635910137466899524,15672080749011813719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17635910137466899524,15672080749011813719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17635910137466899524,15672080749011813719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17635910137466899524,15672080749011813719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17635910137466899524,15672080749011813719,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a219ba97aa8ff558d30e3fc71b7c5eff

SHA1
1da274654bcf4b5f0ae6ba5b40ec71d3fb15d57f

SHA256
c4f42461768ccd61606ef8cc61bdb7a796ef9e18fa3291ebb99d62f92abfee94

SHA512
f7ed6b90fe88d7c46231e84746aa6ebc654dcbf44cb3dba648d8f6742ae6515093713a77940b65904532e23b97b5ece13fc1997382f8fc5cf29195f2b4486ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b299716b1f099b24b5a6c2503289ad5c

SHA1
497910d5f5281ac2a34e39d20440c45bf53e76d6

SHA256
50d24c4efd7c405b634391a369d6f21cf39ce07a19929bee9e5a58013b29b1f6

SHA512
325bb61c754ee11cf8bb3b40fe392586c6c075cc88610d5266185b020563e431039f3d1ce3fa1f6334466112edd36dd00c89ab6242af600205535f3be978b452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fdd48ae94fe3f13c0db055437896b06c

SHA1
b3b695efbb9f5521d107a2395ce0eee17243d75d

SHA256
96f564dfb68e7919074f09aa9327f958de69e6e7b9687ccb1e1db21755fe2c20

SHA512
45525c1d1748dd36afa5098fa55669d749fad619e8cfaf52375e82a51ffb3439bde209f2340a37b66294fa76f1d64cc49d1d5527a34b1311d2a8af9510683c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f22146f8ec62ff783eb557852016453

SHA1
fa4d74a0435d9d9becae8df0782a49dd8bd071cd

SHA256
2af0a9d4548620a45e333bccfc8233b0087470d11f890f02855df529af67c58a

SHA512
a28c1c79a5fc39ff111139348ff27a67cae95da366234a76325357f06582217fda24b8fd02848e51f66e0f4e50dbae6c1f622fddbe30faa00023ad1345e6a644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ddafda0b49a3b481680cbb08903346b

SHA1
5c3a505998a54a2ead70225770472cfbdfe34da0

SHA256
c5286143e336551f1df7d3fc82507ae6d0487ae0d84ae1a29167f115d45ff59f

SHA512
56f8d6da9c6c20c2915203f833d5eb9c74be5307c5350d216cf71c7323a7bec2dc35c52d9e65061100b7ebef895c2a703540f9d8512ee06039497a1dfdce98c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\be3a302b-d8b9-46da-9afd-6e6f721f67b2.tmp

Filesize
5KB

MD5
ad79789d290cf183e801279466c66e7a

SHA1
864601279a67ccdf279e52dba5d40e5e94b4ce21

SHA256
f3b7eebf8dda108899416cdd3acb7eba6e47a23449220c582ef14d9a6ec6ddfb

SHA512
ed874d4907624062ef2e225961c0c87dae5dd8ef7a9a81ad9e0fa99d7c9260172730c5029224f0f2d793361807a0226e153e6f58a4b8aceedce2522ead707e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
91a74414c9f0f01e3b13dce63c7f7b72

SHA1
a9f08a3ec22c9d3dd908076b5dcc346baf47dc08

SHA256
22d20ee6720718a32ad5bd9def3aa9221723e6f3b0450fd329cac35075180933

SHA512
66a0754377e2c9612f0262056959fd8109367a013e1f55cc391e56b7a1c4efac20b6c6a1ea5eba2157e952d694aa57c3931647a4f461b06b50cda86cade4cf92

Download Submit