0b9af3217dbeb149024f42f707f516d1266ff0e2d3450876a28fb09a142cd5a7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d545ff87b4a7310f856c10add77d4fc0_JaffaCakes118.html
Size

9KB
MD5

d545ff87b4a7310f856c10add77d4fc0
SHA1

6fa69f38fe4180df0d04b36e2677aad744f270b7
SHA256

0b9af3217dbeb149024f42f707f516d1266ff0e2d3450876a28fb09a142cd5a7
SHA512

05ae80fe89a86806ecbc5c3f0947c82588cf10717b40442dd49b9b45d6db4e67bc8384589deb79fba389db09ae623cc1419f777b37f2cfc2b99f1792b8dd023d
SSDEEP

192:eFPNoFe4/fYVZOR4eLYQAl7clUbT1lOCqT7aH0peTL8TBIhPq:KtGf7R4ctA5ceb23l82ug

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand paypal.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1348	msedge.exe
1348	msedge.exe
972	msedge.exe
972	msedge.exe
1800	identity_helper.exe
1800	identity_helper.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 1176	972	msedge.exe	85
PID 972 wrote to memory of 1176	972	msedge.exe	85
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1480	972	msedge.exe	86
PID 972 wrote to memory of 1348	972	msedge.exe	87
PID 972 wrote to memory of 1348	972	msedge.exe	87
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88
PID 972 wrote to memory of 3576	972	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d545ff87b4a7310f856c10add77d4fc0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c1846f8,0x7ff80c184708,0x7ff80c184718
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6427203907781930348,9433779540363466266,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
189B

MD5
efd079652ad21c50d69ad30ccf61a40d

SHA1
000bc74057bb6ab42d2a160349e1597edb211bc2

SHA256
045646bc1a87f1ce57c87ba8a6ed5332e36f71e667ac712be1df2fef80385f8f

SHA512
35f643af8bb12bb445e3e6ce7577376dc69010ddf8d7e76752d703cb50f091bdeb9947b9718baa6e9e286d69df19a794522e446f29d58dc26dfea571045f51ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5821b4795fb05e35bfd46d540b7fc6f7

SHA1
a9c1c790e47a5e1053b0b8c3ab70c47e40009c74

SHA256
9a4483234a34f67126f6eabf5c6586ed2a2c7054b78527cbfdb5426284e4d713

SHA512
866340331223f249e3434cdb557266b064001c802f6227399836d9929f67abed8d0c58da99ec185b11fa055d6f6f5352efb34a0825b7ced59c0fe3c284f5b851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea0592031e49e5cbc405245a0ca37d3e

SHA1
21b5408dc8f2312156e48f73346052169c7ec010

SHA256
0f584f12421d33bc3a8aa353d97a313ebf6191075f26bbfc5b80ba90983e8112

SHA512
86fd7e4cf1dbf9a0bd5c77b06e3b5146da53600dbdffb7776c120877468b648fec8f6ff3d8947d5e6c0bbf9774be1db86d283ebdb1bf46afe8f42801ddaa6723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58b44607f1fbe0a00eab6e0c4eaac17e

SHA1
618699ad4bd7da6965c0aa58557c720aa36ecc28

SHA256
345d13da29657bfc3fd1b55276bb9414e267561f51d56a92fa2e0d6aec9ebd7a

SHA512
8e3a8ef02c5fb6d2b9e579af65bbbc6fa1d05b3e914f27f0a79ec77a5ea1e0b007e6b184421045663460e01d1076c02aa7ad1d507d1fb80b19d0c153e931e64b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
b0146b02df163dcf4b2d3da6af9e795f

SHA1
f365db58188cadd36c6250f797a0a1c4f7b50738

SHA256
52636a1dd5573f3ccf16e99545518c2f2da0eab120eca381d382cb543fbde570

SHA512
eff712c2dd1f8ccc9618ff2eb411591cc50292b241f6c8cb350339c28de43091db61f4a36ad73eebe3cdbfcebed5380bb54c519d6e87e54d69868d750d87d706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580b94.TMP

Filesize
203B

MD5
21d09813605cffc36d128a13efe7c61f

SHA1
fca59e374f380941c56a3476f5c69fee1f34ea04

SHA256
d0c4ddfa9a9c42b879b9338817d6e8b49459808d1f15cb9e1212b277b9f6bd7d

SHA512
90e29ace707f6e34f81923ef88b30dd0d666419b8fe6886029bbd71838268bda65b98fcec825d4a2e6dd32fcce48d653c60726bdaa0110eb1fc9b312aa494292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dec9c5d5f84d9973e5d564736509fb79

SHA1
72871fff17735b1ecc5b971f2c109958f9723ba3

SHA256
6956735795e3e6fa808fd864cb2c06278295f3d82507729546fffbc010ba6d16

SHA512
d48b0f951230b25d1c9909ff6ccb692b58dc01ff9475a6434d63cb0a325c2e59b13c32c765ba6ef5945ab14c619bb8dd5d902b8189f5fe29dc8010fa26a954ae

Download Submit