11cf593334b8d9a6540f85275f0c99b429d6f66818bdea30e9c3729c66ea05d3

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dec1165ad01c5f095187be38b4783bfe_JaffaCakes118.html
Size

4KB
MD5

dec1165ad01c5f095187be38b4783bfe
SHA1

d2566ac0428abbb505754287b037abd0f8486df9
SHA256

11cf593334b8d9a6540f85275f0c99b429d6f66818bdea30e9c3729c66ea05d3
SHA512

c3c3d4105f5528f07e647ab3f6fc715bec56a4ab64c0abe5a9241bd8d63c561b909ae62dd2767271a948bd3e9cd7f5020cab072f4065e24e3c035d918ed64dd8
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ouv95b/d:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDJ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3980	msedge.exe
3980	msedge.exe
4028	identity_helper.exe
4028	identity_helper.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 2340	3980	msedge.exe	86
PID 3980 wrote to memory of 2340	3980	msedge.exe	86
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 1424	3980	msedge.exe	87
PID 3980 wrote to memory of 3880	3980	msedge.exe	88
PID 3980 wrote to memory of 3880	3980	msedge.exe	88
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89
PID 3980 wrote to memory of 4480	3980	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dec1165ad01c5f095187be38b4783bfe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe5ba46f8,0x7ffbe5ba4708,0x7ffbe5ba4718
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7574101208591864390,15886400097389824124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ebc024cdb324eb41f33c6ec63d1458d

SHA1
f623e96981ee63c1b6879f682c4364fd5c2265e5

SHA256
23b9bd7316816043f42a80784e7f247f3afebd3dbe370fbc702189a6a0dddb1f

SHA512
6971b6430bc01a36c48bc1e41cf8c4bed65a2890837f7778a896072159940ae739d11834176cc7be6cf6fa0f2ea9e6764c30cd23beadcc88c390e5573bbad097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
44c215f7e1f9e1d0f89867b4f851c8c8

SHA1
7d1360f2d901d20c264868309f48da1ee6be35ad

SHA256
65da593c18d8a010be1da753b1a98ce96f307d1f3dd2ef8f2a9ffd5a7963a6a3

SHA512
076494e29e489edf0e883b4dd9a7febaee0849c0ea1ebc79d5e2430bab1c102a04c5e4f90f9fa58da294a5578c9f5a6c0db23bea51ec95d705448f73f1b3b5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d24787e05b176f010dff439be85af04

SHA1
59749f926a34cb1f7a5cd422e8e531fd91ba3c40

SHA256
e7f1426737d7fd8168243a7058e538263b07176de4f6fc50304cd219b8b51592

SHA512
a4977804b18b46c668b71cac85bd36bb0d232fdac7c79970fccab8d373319af8cd9ded630db86f36ab83e2a0bbf3b15435ed13ef1ce7eaf8ac4dbed091923b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a9b842619cc3f46eb35925b6f59bb9c

SHA1
f55b6235474659bf6d90f7b480be6dfa5fd5eaae

SHA256
a82bcb30a3fc4705bf36bed7bbe435a477200d62e5c0a927a5a3c4c4a4c0cfc3

SHA512
047c55d928db0f7467dd6d87a15e3b38c158a0fb106f664543f38c4e4eadefd61c101c4f4dcabef797c2b3427daef09a70b7416891dbe95c1c4a29e7440c7dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
494a861dfe3fb61b7f6e9a8e1f92d179

SHA1
903db9c91a888cdd2a359e921ea2c1a958228aa9

SHA256
46ffd9cec0b1524402f64218ea9584cb751cd61e56eae54ac0ad61c55273c690

SHA512
f97bfb87546ee38f100ef52f6ee6d102d05feb378a940954a1953f5dc301e6ae7a91de2b2176dcac165a61abf867e06e3e31572a378b1abd9ea2768de76e7175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
483c88b70f77a3523eb183578c077ee4

SHA1
23dc6519fb49bd4843f78c9bf545147f4632c84c

SHA256
6c3855616e22fed0f89d2314682933a7ec531c09a03a2c44a85c9ac4a5842d55

SHA512
79ca0034fb7f389613dee9961ae2d996162b9d7a759d405ac278343abdfcd523578d2e5082cd39a9be9a797b907895bcd9a5ec74e2f44479cee342703061fd4c

Download Submit