6f673f35a67f6224947591e853c5aab1d18801301c01ef1f0a7787480e78400d

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 09:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d1a0be762fe71e3d1e695733d97ff19b_JaffaCakes118.html
Size

18KB
MD5

d1a0be762fe71e3d1e695733d97ff19b
SHA1

71dd3b037bd7d184527a37d51c43d1ba9a537984
SHA256

6f673f35a67f6224947591e853c5aab1d18801301c01ef1f0a7787480e78400d
SHA512

20ef04d0ac19d65fb9b7b1c41a924ce1f0396dbd216c534daff7ef71da8b5c8b1706a28d7eb215b3eafd15720fe196e00ac8dc275291bf39bec92b99248d4a88
SSDEEP

384:SIMd0I5nO9Hb0gEk4u++WkDYB4sv1gdBxDB8:SE90gEk4u++WkDYB4wSBA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3412	msedge.exe
3412	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 4264	3412	msedge.exe	83
PID 3412 wrote to memory of 4264	3412	msedge.exe	83
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 1012	3412	msedge.exe	84
PID 3412 wrote to memory of 3924	3412	msedge.exe	85
PID 3412 wrote to memory of 3924	3412	msedge.exe	85
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86
PID 3412 wrote to memory of 2532	3412	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d1a0be762fe71e3d1e695733d97ff19b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e0d346f8,0x7ff8e0d34708,0x7ff8e0d34718
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,1685161773908150677,2985675374801385401,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,1685161773908150677,2985675374801385401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,1685161773908150677,2985675374801385401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1685161773908150677,2985675374801385401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1685161773908150677,2985675374801385401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,1685161773908150677,2985675374801385401,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7795a25d16d36f0a6029a155bf41d7d1

SHA1
c5692d5439537b999f425638462d84195f5fc6f3

SHA256
56d8d4f3e6e77ab84e4244bb693d0a816dda0b9b0f28230a7a06a52d26ea9a6e

SHA512
b170066736f1465b1addb664d318ce7c23f6ee74557b10a99c0faa96115e4911c3f8761fd533b271d2bc0e6706b9848fb7cc62343bbf53d4ce6d9e3f240f634a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9b6395d425bf55f8a0962f70f3a7432

SHA1
eedf8503d3284242201f50d3f5444c47772f3df0

SHA256
f0e6a98f87a6cbf7e94f22271775cefa9bb6beecf18c767bedaaf1e191803418

SHA512
3ff742d7c1c3dadd3782fbbdcb936aac9b22bc4a8ef4b055925ea6d36527887e62001694ce94d5bb6d8d575c580602e3049fce50337322c3dea723e86cd0dbee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31fd87c9bd1916b22238620b11caacc1

SHA1
d29e07629a2d13a97299beead120b961d6c6f964

SHA256
ec35d66711e84184e6ef8af9a97ba4b12a12d0355236d2b5af5932acdf44c85a

SHA512
356ffdeae985963bc2a2883fb2fe6bf3ff58abfaf0991fb0011319fee4e63ecdd8d0e1557140783b5ed266de90bc96afda1f992e2f8af5e13bd4234a0d54b18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d2a63076d88eb5976362a9a09ee2ef92

SHA1
ecb39db7570b665b33bcaefbfe76c94730b75547

SHA256
5e2c158da6bdca4111329376c6b404fc24a89c57b977a18c2d45bd5d160d0331

SHA512
f7c0f75db2686f153aea1191a3be89426e9b877f48bd66da0dfba2f40c53cc67d15cb9dfed080ab474e425d1f224d4b43b8bd4870c126b955f19fb932269b043

Download Submit