36727013ecd1b36a805920356b1069b1b322194ec5a6a7e7e457379cc67a7421

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea69080621b4ea97638c6d33e510f043_JaffaCakes118.html
Size

28KB
MD5

ea69080621b4ea97638c6d33e510f043
SHA1

4265f6bbb09aa44548d1177c0f113bc61deeb35b
SHA256

36727013ecd1b36a805920356b1069b1b322194ec5a6a7e7e457379cc67a7421
SHA512

711b1944924bb74bb468cfdad3b0da5caf0fe9f7ff7ec48037c6a91a184b7cacf7710931d77a49ebe0cbb54401f30c95da6d35c1f2c1805d0f59f8b9f43f8b9e
SSDEEP

768:tlxMRoe8CSrCZSl5pxvhHpIaE5iFJesC8/k20yWypnk:mRiv2Sl5pxvhJMyRnG

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1756	msedge.exe
1756	msedge.exe
3340	msedge.exe
3340	msedge.exe
3340	msedge.exe
3340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 3944	1756	msedge.exe	82
PID 1756 wrote to memory of 3944	1756	msedge.exe	82
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 4008	1756	msedge.exe	83
PID 1756 wrote to memory of 1676	1756	msedge.exe	84
PID 1756 wrote to memory of 1676	1756	msedge.exe	84
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85
PID 1756 wrote to memory of 4920	1756	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea69080621b4ea97638c6d33e510f043_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0d9e46f8,0x7fff0d9e4708,0x7fff0d9e4718
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
818B

MD5
78fe1fc945edf15c943608e4e3cade5b

SHA1
a11c79c0c4c190dc8f2bef34f5eeff25e16c75a1

SHA256
606e98d4981ac086edcca52e9444db27f9a54653b66d7bec39ab943ff3ca3654

SHA512
5830d2000529e576bfe5224423288b16e41a4d8fd596c4e6e8a31bf65c392468803e758ef92f9c11f5cb874aa5c6181ee84130e3ddc1bc83dcf46b6f8066e258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb25716f94c387cbfbbb140dc98b4956

SHA1
b2cd7d8e44ea3bf81d935a37836f838cd101b562

SHA256
706fc2f5222a9c6ac714d498a36edad4224ff21e64cc02ff1297b5a1eb5cb038

SHA512
eb215a73a92a56b94d77e274788eea126060f87f66ce5d03024860305c101581076df416698655386861280341ec1ab1f0f0e1870c4c76f326801856737e14c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1880c23b9334d25c7333a786b840ef29

SHA1
ed033b5104666e4e542ebfa69659c64d1a512112

SHA256
eb065c81923d660a8544a7a9b2754b4fba087ead063c5c1f5d782cce3bda3f2f

SHA512
486eb92a508ad4d097efd80cd71a5d8916cb6f7ced6c70e5f57a6c78925353b0acd3e97bfaa6ab2c0d84f098fd520b717bf8ea699addc4b90d5bf95328385d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adef018a6e10f8655452960fe2236def

SHA1
7dd4f8dc1b6f64580d88014811cfbd1102147214

SHA256
0a2a92fc33b1d074f402d15131e4a4341035c701ce58567b6b5579e992dc7e6f

SHA512
74cbb4e77c1a46a3e62808cc4ffd9a7ab6463187ca6c24d491ed4088ab81637157a58131adb83ce50948c3572ffa17ae465c1391be19631b0f18ab8bd71db50a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e71cf1cccba31a117bb1e60dd33fe31d

SHA1
b627149ddff9ce445116e284c1b2ba1578980b4c

SHA256
eee4a8a9b8b9f11459bf29e6cbf35b5420090fdfb10bd69c41ecadcb308eb476

SHA512
bb80b1eedd72233b68a867cd9fce8880f80bb3e21c67197a3486bca9b34627f3c48fb596846e647f876c17fc660ac756735a0e86f5b84f622f95eeea75d4cf3c

Download Submit