bd31cb7152c1742d5d7d5d4d5b957896bee8beda13e7b795553cb45d6f1b4020

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d47d0e30738f843616691600d75a146d_JaffaCakes118.html
Size

33KB
MD5

d47d0e30738f843616691600d75a146d
SHA1

f23be68223db1f8310d321a4d99a0c9ebec961d2
SHA256

bd31cb7152c1742d5d7d5d4d5b957896bee8beda13e7b795553cb45d6f1b4020
SHA512

376ff46f027b0e2e9bbf753b2b08aae2640975ad5b6046552a16b4c43ac8b17205a5dabf62231c08ac67b3d6b467f7e150cb8045c926c777941d667caa0f89a9
SSDEEP

768:uOeSONo/MChlEC9jpXgsC3jfU7DlrlIjlqWq3nnHE9QQZFRqCOYlYF7k73g5+T1:ut2MChlEC9jpwsC3jM7DlrlIjlZinnHK

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
2100	msedge.exe
2100	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 3268	2100	msedge.exe	83
PID 2100 wrote to memory of 3268	2100	msedge.exe	83
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4840	2100	msedge.exe	84
PID 2100 wrote to memory of 4184	2100	msedge.exe	85
PID 2100 wrote to memory of 4184	2100	msedge.exe	85
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86
PID 2100 wrote to memory of 4924	2100	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d47d0e30738f843616691600d75a146d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3b9b46f8,0x7fff3b9b4708,0x7fff3b9b4718
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,17538477924581872393,4834336777896736836,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,17538477924581872393,4834336777896736836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,17538477924581872393,4834336777896736836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17538477924581872393,4834336777896736836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17538477924581872393,4834336777896736836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,17538477924581872393,4834336777896736836,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
309B

MD5
80835ccfda718888111229fe7b868a9b

SHA1
dfd5aafef44879c846f2048a11501f48f5fedb88

SHA256
99c32979c8fa6defaf4486d005231108aecac0ae96cfd7ea9de312cd17f68136

SHA512
4540f1ab7e160317ff45a99c661566d2dc78c3d0f934cd4b2954c4c9e2280468ef9664ac1f5471a365feccc376bd6b12cf63d3fd9d1cd81886c327de185290ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ab9faa5df2ff849398d08e558296697a

SHA1
146121116e3c497b30e05d29fbb2c664a07e8c2e

SHA256
4ac059e74ae76e356fcb220e8da4eb0ea20bbbfe32313c6aee41e9eee477f3aa

SHA512
6a83978215de8f6e12ff42c0ca60e74d7b02be081082a85e353beaefeedff4dc03f3417590e599e2dd89cb71428dd4cc410e1b59bf6cf9f2f0e20c9b32ef7552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd49774c70fcff708dcb6183bad319e0

SHA1
f0a8599bac301d0341b13e51cf27cdee1fd2f03e

SHA256
d64cec7d4cbabdf222c6c7cbb7423438e501f85539df86d64736da3c336f8253

SHA512
a50abead760900c97c1d693f36955540886acfecff39d2cff73d4e3815fb767d39419a02388fb877cbf0365dca26ad815b640aed7d569a39ffde4c3093077e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0efc7886f790405c5cbccb00a6284653

SHA1
f132ff2788120b0146dd108b732a3c8d9666b266

SHA256
b8e9ead592b2b7e9157eb29f21534bd911ce34508e25d0566fcc10c120942997

SHA512
89777d85a19b9498ecfc4419ccfe650f0d0a5265847246549b5ca1aa20b25295525cc2ec2dbbe19ea1876c48d543558b30db759dbdeee2138f51f32448eff193

Download Submit