751e74b4757b19a1b60f4682009a6a1ba0f45118df88912ee9360b5f345e3685

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1e3c1d4a2ee1dac1ad14f1ea1334f30_JaffaCakes118.html
Size

48KB
MD5

d1e3c1d4a2ee1dac1ad14f1ea1334f30
SHA1

7fd6192070f98d7a2d40531f99611ea9c1d8af37
SHA256

751e74b4757b19a1b60f4682009a6a1ba0f45118df88912ee9360b5f345e3685
SHA512

05a3c9b62d3b3dc3f994c95cc2a7945b856ce3e418c01ebfb815e1c994484835da9c163d76ff8267970a2970211917138a39c0d715d53584806b5f06c194d2da
SSDEEP

768:cX/F5YlcACEjDKeGF/iwRqDes3IyuzmiCsQzvY8B6oFs3H:cXdelcACEjmiwRqqsGzFC9Y84

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
2232	msedge.exe
2232	msedge.exe
1688	identity_helper.exe
1688	identity_helper.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 3404	2232	msedge.exe	82
PID 2232 wrote to memory of 3404	2232	msedge.exe	82
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 836	2232	msedge.exe	83
PID 2232 wrote to memory of 3680	2232	msedge.exe	84
PID 2232 wrote to memory of 3680	2232	msedge.exe	84
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85
PID 2232 wrote to memory of 3624	2232	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d1e3c1d4a2ee1dac1ad14f1ea1334f30_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe4,0x100,0x104,0xd8,0x108,0x7ffd2ffd46f8,0x7ffd2ffd4708,0x7ffd2ffd4718
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17505569900052965276,14921259854849983662,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
cc69358876880e0393132e844b2e83ee

SHA1
d3c731581f190bf8bc5f3c0bd6e878281c08c09d

SHA256
831f06395da86b7a566576c790af16484f11b51412a5ab6a7215301d86b2e597

SHA512
3affc23e1359d17029f6b07d7536416c3587884916ad951a62dd272e68cc1ae4ed36ccda4c9c92f5df2a24d14129ae78674732198eb303305b264b15aeffc4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
794B

MD5
323f2146af7d3f09aca68f9509efeb22

SHA1
ea0b04061f5c2ad616f4e651125327af95ba6670

SHA256
799c5d101a2cbf9837f552cb330036c517957909894f2f0e8da2f648212508bc

SHA512
34f18d1b05b68811811e5c72786025cd55e16c1ca8072add750aca3144034e6a62e8e753174a850eaa0b12b0f9e4dbfb4c637a2033a3a1817c45409a193d6f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b12e710e18d7fb1f8e55ae344baed351

SHA1
4337b926c4b61468726d3fb2828069922fb6751c

SHA256
d2c17b667c5fee17ebc529868e740fbb951df11342f601bff3de7f8eb4723027

SHA512
16cfc3243b1c1e91d959531bfc56f0e6e74ae939de732e34e99e13a14aa5cd37d62325f5993643c1dff05d654750cd98ab3013b17283852d8deec9884bb1459c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f656d787413480966d7db6e112efc22

SHA1
771f7ea07efea6313264b3cbf493c48dfd3ec044

SHA256
9a92c16b959c4f8210b1cacec1fbcf545e9ada8042ad68dcb981e3030a6b3dda

SHA512
d246e612c1600f4c51692bb3b03bf15a0bfc1db5eda4a4c8b886cdd7208e7c537072b22d56c5df9f26a8878f691107ccdb9eb6ad09e2a7e1ce8bd2da376f54e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3c1573105be8ca64d4d7ab2c74d5b577

SHA1
e2fd67b4f37e77eaa058297f2ba9ce985e646ca2

SHA256
a46cefcb62ff29faf5abf456e2c0bbea9503b5f17dc9ffe5b64ce59ba49aed05

SHA512
d0bcc5afe0045c362ff968912792971cf32df7b73b08296096b5e99ce114f19725fdc260d88a1bedf3a3b4ac8d7268dcb36f5ad752e60e81e194330b873243e0

Download Submit