5e355ebb2396823e697a3270fe73866c554cae37d9e22c4b7da254cfa39ee72c

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df7c809a3d43d51f10ae3c2b4cf3e645_JaffaCakes118.html
Size

207KB
MD5

df7c809a3d43d51f10ae3c2b4cf3e645
SHA1

b83991cc2a78d385014a2e0a1cb5e190a6ad23fa
SHA256

5e355ebb2396823e697a3270fe73866c554cae37d9e22c4b7da254cfa39ee72c
SHA512

5b09f4700ce74e3af63b3a3fc2a6db60eb3b005d57c072cdad038e47edd963d4f7333452dc72baa8d5c3e358a577b36e9f44223f62f08ec9e22cff97e18d7b85
SSDEEP

6144:T530DH6NEQwjcHXxQRVufJc/09s1ktB5n:TuDHQmjcxQRVufJc/8n

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
3328	msedge.exe
3328	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 1316	3328	msedge.exe	83
PID 3328 wrote to memory of 1316	3328	msedge.exe	83
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1372	3328	msedge.exe	84
PID 3328 wrote to memory of 1836	3328	msedge.exe	85
PID 3328 wrote to memory of 1836	3328	msedge.exe	85
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86
PID 3328 wrote to memory of 872	3328	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\df7c809a3d43d51f10ae3c2b4cf3e645_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9775846f8,0x7ff977584708,0x7ff977584718
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17347134156381061478,274773966496196062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17347134156381061478,274773966496196062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17347134156381061478,274773966496196062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17347134156381061478,274773966496196062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17347134156381061478,274773966496196062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17347134156381061478,274773966496196062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17347134156381061478,274773966496196062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
397b72b25d81acc504ca3ea0597cafb0

SHA1
553ec765dc0a85b67c317f43c0ac06ca1004f896

SHA256
1fc9a41508f1e225e74609552e1cab8844de2d0778857251cb5aa5c176588215

SHA512
45558b5ad6deadbf4f8cb3e26d7e5cec179b68deccad0864879e0f4268fbc76b1c2e721e4a21642d9081629082de29fb2560f17793881e79aaa5e216b5c4ad72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a6df38b119c358b7142fc5c7ecc9cdae

SHA1
3c350d83800a4b00a01a98477105cd740e46407a

SHA256
4be24332163d5b6975e8e8d005a120cee0b06afa0a99f3bbd19d188f39aaf92c

SHA512
d88ab48c56589b5489a468bef63db8af241aa8a97d3b371d5b4eba17602c83a9b7a675bed1e8875feb8698b15daeba775c79a3113cd916f42b1dc7413aa5df88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8960a20d9801476b92cad64da50f97ae

SHA1
e1442f628916402d33c3fb3e6ea904b67fbc1c66

SHA256
ece7f79473ac3be6307a79c07a2e75cae87bfaccc18e8db2a631979dbe6c14cd

SHA512
4bfc3d34abca2219ddf8aadb0ce013397bcaaed6cfa035aceac32f6af233d253ccdffcfd8fd18053e80759cfce995c388f486d88654d59cad9522262675ee2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c874e3d0653a2b19e2a34f8fd8de0f9

SHA1
0930321499bb0a4220475b469de44571a1584c1c

SHA256
29e496120c61073ae71aca287d741c5675269034326ae6d8996326644bb29b6d

SHA512
75a71f7d92f841633e157bd7d1e376d3c26c461fdd401d1fafef1cdb0c9340682cf94188b5f097b53ac6ed542e43a429059609529ce43afce4d2e985e1e430b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29efc47a002cbf033e37ad6bebf13e6b

SHA1
9bdfde374e57aa8cac07230236a7420928a4b1e3

SHA256
62214fa0be2d18a70dda642e315a49b6e8dde02f81dbd7aa902db54416a5a055

SHA512
3e6e65344be347eab52810aa8ac80367842c105bad061a69b555d1fa993f9d88c4bc6e1b9f3b6052da81791c84603812c9fbc831d47a78416a9e257e9c2f92e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ee38.TMP

Filesize
707B

MD5
a535fa34c4a3e4bc7b72a6ee78341174

SHA1
5a4c5c394bdb85690f7dc2ed4f9d9625eb2ddcf6

SHA256
a67dfe7f74a10c8d964057fbdceed2f05f6a3b3ea2dd6d678434ac2b7c5ac6b3

SHA512
5b6e5e5ec38fd3324516e8ba6eab00973441a58e51726e7b9a937064376f4319950ce9dd64f074a05d64d3aebdb007369a845414db52718bd434e530bd8e3430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
918c1d4551e0382d9943fd2321bdd0f9

SHA1
f14e4af9ce840d60a0d55a9e861b1c8846a5b52b

SHA256
883db31889a785a729cf141aa4ab4bae0378c0661073f2df8c694d06f48219c2

SHA512
ee68c5fc46b36522962cd82e0f27040b9140df95e600a850dc79e2b8fa940aafb718732287ab7a94e014c8bea37efc57968d52c3a9c42321126d8b279e2cf127

Download Submit