4d39e53636626470b8291710b0200a438d9763754558868c755ad8456ea49343

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 23:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d3029a72609c8fa6dc91aac344d0a265_JaffaCakes118.html
Size

19KB
MD5

d3029a72609c8fa6dc91aac344d0a265
SHA1

24f3336705b5cfdb4e9ac2dfeb67e618211d9e2f
SHA256

4d39e53636626470b8291710b0200a438d9763754558868c755ad8456ea49343
SHA512

566be546533650806c226e328b1a36e21ec6a8990e0f153b9fa6f757b0ede21640b7af50efc09a7191baccf4bdb8d016ac66306fd4790bd8b9de7dc55c9176da
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIE4gzUnjBhs282qDB8:SIMd0I5nO9H9svs1xDB8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
2880	msedge.exe
2880	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 1436	2880	msedge.exe	83
PID 2880 wrote to memory of 1436	2880	msedge.exe	83
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 852	2880	msedge.exe	84
PID 2880 wrote to memory of 4936	2880	msedge.exe	85
PID 2880 wrote to memory of 4936	2880	msedge.exe	85
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86
PID 2880 wrote to memory of 3808	2880	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d3029a72609c8fa6dc91aac344d0a265_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa591d46f8,0x7ffa591d4708,0x7ffa591d4718
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,12123751538099104807,6592932850715132838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,12123751538099104807,6592932850715132838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,12123751538099104807,6592932850715132838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12123751538099104807,6592932850715132838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12123751538099104807,6592932850715132838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,12123751538099104807,6592932850715132838,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f1128ab01ef814d4f3afcaa04f509ff7

SHA1
81b550456af9a26174152d2230c70e22e3f225fd

SHA256
d3d78158a54119f2d7e9cf43128c8b5eac85c20c1edd8564c018ef977140075c

SHA512
5744595bd7ae59c2f5d5ba131dc7f2015ba6157d1530f1f764f6eb98d57f2a9af5cde0b1cd0e44474ea0390ebf3f58394ad5e6e678b920672bac2721c740e0bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eecea0a7a7f32a6deed4981c1fcc07c5

SHA1
e88be280c6769f49ee888ba98ffadd28d8d4a611

SHA256
22fee5ba12d7d520a063bd7c193f393fee1bb516e7e76d21f17658f422f4efea

SHA512
b31cbbf56d07ab18e1d6b4ef1a377d11e38b94c2ad62d17ec2f7af374bbd92944f6e3cb7b84d26c04e5f8f6e155f23a7bc8a077c37f96f52cceacc07655b2e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a39798ca2f14561ab37d1ff26464d2b1

SHA1
85f0d830a5480d75d2aa7bd1fa100ab2fb221c38

SHA256
695fbc8330930541f30cd6d47143340199c18f6db61dc6170fbde370c0d3448d

SHA512
a7b49a51054b5b598148a5412e9c10c0f6c6f5822db958e6c49192bff980cecdb9f6f3625ee495114d89d1422951b308c035b99220817fd87e575ef1c123f0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
12076567a8381818faeb5bed1e8fa2d9

SHA1
108a013a16e507b80ac1a5d6d30d60911f26acd8

SHA256
ffd2b71b58b5f56904dba3f6f0d20b484530843c6958c7bf264acaa939f7a669

SHA512
03fa03be8f7f33c83183655a25605ffcb1b9afda8079bf4b0db021f4a5eb4fa158391831fa066d24e3c9483b16d11af97910a94c3bd5a659e304a7dde486f113

Download Submit