dd5d8503cc2a71146b78742baea6c46fac48357b4cc363b3197835dc9a654014

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2024, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9c77d779a3530934355311aca8bd07d_JaffaCakes118.html
Size

453KB
MD5

e9c77d779a3530934355311aca8bd07d
SHA1

6060a7c6b1f6f06042077c9e8e1657bf16b96999
SHA256

dd5d8503cc2a71146b78742baea6c46fac48357b4cc363b3197835dc9a654014
SHA512

db68ff7354e5ef1fdc0d90dfa12bb0efb432c86ea8993706313b71d89e3d6ec66a12dfb556d749ab0c076607ddad0d1bc20dc4bce6d07c00c56e2a2e47225986
SSDEEP

12288:0e2xy58jwJ+PfgxRsg1qLWP64clSrW89dPtAOiFCepfCLwGI5HxINavYc66ytyap:0e2I58jwJ+PfgxRsg1qLWP64iSrW89dR

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
3272	msedge.exe
3272	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 3580	3272	msedge.exe	82
PID 3272 wrote to memory of 3580	3272	msedge.exe	82
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 1596	3272	msedge.exe	83
PID 3272 wrote to memory of 4668	3272	msedge.exe	84
PID 3272 wrote to memory of 4668	3272	msedge.exe	84
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85
PID 3272 wrote to memory of 2704	3272	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e9c77d779a3530934355311aca8bd07d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffae1746f8,0x7fffae174708,0x7fffae174718
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,14947137255520033410,9375713493962702465,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,14947137255520033410,9375713493962702465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,14947137255520033410,9375713493962702465,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14947137255520033410,9375713493962702465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14947137255520033410,9375713493962702465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,14947137255520033410,9375713493962702465,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
992B

MD5
3cc167ee52cd1dc6aabfc83f8360eee2

SHA1
f02c725061a3d2e8311af38455c1e0c8b2f5353f

SHA256
e08abb902b840fc6c18cba13c745169b7fbe1417295f87ab1ce18e0526f39574

SHA512
40a1fc31a12a9c43bfbdeb657b7a4a56832636fe2952fd591b33a258732cbe45f44d78d2ce3ea35c2f6e5cd236936ddfd7b70bef7dfce749c636151c47fdad5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b8e5597a04fc8768d72ab222df2d7216

SHA1
ede065323d6b62798ae7f40b4583b9398e3a56d3

SHA256
1860418e84efd383672fa939c604413a4a1fce16804f23265c654577af8007ae

SHA512
1b7cb49099f8bea551933ef07f94ce8e475f554c9b229c1caff9f9d6cba99a8a71667ffef7c3485bd95b222757b8e22b31d0e5861e17701c34de0b78535c52bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
afa9dc945376c2a3854e86322175154d

SHA1
8cbd2abfe83a52be6f9dfac1b3a07d66af1a1976

SHA256
a54b5426f559ebaa1b7744ad54cb3459174311bf5d21280fe676d235664bcfc6

SHA512
bd703894455661b35d72343e72fd867b00ae98643e0af15f458d857da276610485ad8f0e765dbaff6dbf0f05021062abf62202e85cf28cb4ba59e6d5e5ea1b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0668b3d8d66a0651dfde32c935569bc7

SHA1
44a80a09b51e262dd222b919ebde0fd10be6955c

SHA256
26048489381c359a4d27ada1cdec26a9de1619f9fae7a89ee9a903e6a02db8c0

SHA512
2b078d116afaac72807dc549df8fe1fbc389222d78e4c20c717a8ab83853cf617d3aabbd195d8865234b6ad5ea1669ac43501ac6662ad22566a579922c4534fd

Download Submit