eda14295892d4da72df078d1dc4185f5850f9e59ee68874f6f69dc3dc4f9664f

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcc22bbe2b3da44c1ecb6bd3bb17b3b1_JaffaCakes118.html
Size

127KB
MD5

dcc22bbe2b3da44c1ecb6bd3bb17b3b1
SHA1

ea69ac4ae2eee012f90d64f889a436433e521856
SHA256

eda14295892d4da72df078d1dc4185f5850f9e59ee68874f6f69dc3dc4f9664f
SHA512

25cb8fb568fe557ae1414278332516edd2c57d87fa8f61a7ae62a5e370faee9309c4d108c6b430a5ab8b58e1b288dd7b9558afc93cfa1253226a0fb54606478a
SSDEEP

1536:1bJKocyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:/cyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
3360	msedge.exe
3360	msedge.exe
4640	identity_helper.exe
4640	identity_helper.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 2932	3360	msedge.exe	82
PID 3360 wrote to memory of 2932	3360	msedge.exe	82
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 2532	3360	msedge.exe	83
PID 3360 wrote to memory of 5056	3360	msedge.exe	84
PID 3360 wrote to memory of 5056	3360	msedge.exe	84
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85
PID 3360 wrote to memory of 1564	3360	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dcc22bbe2b3da44c1ecb6bd3bb17b3b1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb575b46f8,0x7ffb575b4708,0x7ffb575b4718
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7858981526161952763,7450348180611179505,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ee09ef47d5591a5c334239732e20135a

SHA1
9b48c9f34b15107760b85854bc0eea75578f2f9c

SHA256
274341ae6cd003e9df3d50f0fc6c75a782493608bc3ba6fc947bad47d3e6a57d

SHA512
8291c6f6f3e75ea44fcd81457302233ab427591dda2cda4427a86561fb15d8b90c662c24ce32fa23cf476472822bb2e933ade7d26645c45f3047a56716b4e07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f8731ec413b08b68854e79ceabd344c

SHA1
a78c540a81f22058d64eca1ae03d754590b266ff

SHA256
4a80fe9a186764de0cfbc57158c9cf6733389bfb1eb7b6d6526a53d2836a66b5

SHA512
479782b4392d9fb2377067e50503ae1d657baf3051f3b3f04484b700e21b951b853f31ed941eed19833e34e55f079da241a996f0cc337581e93a436cc30ca3e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49797c6e7b5637b8965ab7991fed6d37

SHA1
2f3a24b9ead6bd2b3e9394d410392ff9fc705bd2

SHA256
a5ffa517125f3ee24ef3e14196230e735a09511bf7e0729699e0ec80e7bd4cc7

SHA512
9bb979717ca8f69e16cff2a1ec4d3fe86cd9c63bd680cd70b3182eded34b112a34992ab41db109d8c56e0377f9982143e4e82c6d3f312b2a068d6ccd05195ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3773e2e1057a4ca3ff68f51d8d2045a7

SHA1
1be237c345c6438a47dd5e590678793274bebd53

SHA256
c95afadb2f71e6ed34882004b23a33e3eec7d8052d15f7f435b478f07290f752

SHA512
510fd8a4eefd8316baa8cc848c1a4d738e583fc662d0010efbdd778142e063ac4f1d3245c898c2f523cd96c976ffae7ab505e9cd0fc05f8355367dbcf1b104df

Download Submit