c3d8c220f1adc7cc33f3f9c8a0b674670782dfcf7829917908b2780fc51636a5

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaf3e983843166fc6f2bb80b0d794469_JaffaCakes118.html
Size

45KB
MD5

eaf3e983843166fc6f2bb80b0d794469
SHA1

d78845ad11a83c7263b7276a3121e3ae8d3423d9
SHA256

c3d8c220f1adc7cc33f3f9c8a0b674670782dfcf7829917908b2780fc51636a5
SHA512

2fb9782eeae5763854b2c8c03911dca764ec05dbb20f5bfa12b6fd6bad041594dc82763743b184bce152686beaf37455d743f6a8ed7dbf730c5bff548318c523
SSDEEP

768:KyAOGuX15hn/U3YYfa4+C8C8C8CUCACUC/CDCoc6XERZS+pEUxXzdlsA3HuLTYPQ:KyAOGUN/U3YYfv+dddNbF60k6XEDS+p0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3564	msedge.exe
3564	msedge.exe
4040	msedge.exe
4040	msedge.exe
4560	identity_helper.exe
4560	identity_helper.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 116	4040	msedge.exe	82
PID 4040 wrote to memory of 116	4040	msedge.exe	82
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 372	4040	msedge.exe	83
PID 4040 wrote to memory of 3564	4040	msedge.exe	84
PID 4040 wrote to memory of 3564	4040	msedge.exe	84
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85
PID 4040 wrote to memory of 2304	4040	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaf3e983843166fc6f2bb80b0d794469_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe13ad46f8,0x7ffe13ad4708,0x7ffe13ad4718
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1456,397201222924082588,16252050182698831610,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2388 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
191B

MD5
6bb0e1d8bab7ce211a058d8817f73035

SHA1
125a3b2a1187f2f70351cfc97c8b88d4094ef05e

SHA256
ff92bc2ea67f586d5de3bf6d0d22651fbc091b1e6fe822a8f003df5e1d27e888

SHA512
b592ad470dfe2cad76587bfef3afab3dcfa836d00a33cf7a134fec0f3de77c86e27f225e1d2a40be27a1c3ef662e83fa510052c1dde824d2d510ec25a8c18533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53118fdfa6b5b090e440f075d16a1e49

SHA1
219bed172becf32af7fc66349d6a571b7452a843

SHA256
a717ebe76608d729443198471dd9fd0d534200a4ed866f8787842e3b3e318ec2

SHA512
463675b93321732e5cf36d6e5168841667fcac4c1ab521db91043405136360218fb03dbde0bc745c041ce33729e519fe2924e178c3a5bc9af4d02a5cd46b05a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7fadeecd43859211227da7eb08aefce

SHA1
915a8adc525bf78a8e1c43a2675ed08bfe6b59b6

SHA256
18afe84deee4557985719b20815812056a6af016470c4291d8c0b1c9a780569d

SHA512
d0be1631ac42bc2ac196d99e73ead13cee4123c0bf4f3df5e8b4b6de4945bcbcd58d78952cd7ca0cceea17f0084edb926ac9b93bf1eba51a311d5f2b4a4f4444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3b86d56535a45f1475eeea463c215df

SHA1
0052ffca4343f7cdbc2a04dd9b022db9045634f1

SHA256
c034bf5708363449604825d6ede57b959223df2227cdddc7238f074343426d0c

SHA512
7cc11de7b86d5eca1887fb5a7523cedcc4220a08ab6834e539947983c7b17c11b270082175374afe5986c573f21778d1966f7633e66607093514a0f5a5b85bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8495eadb24da8dc628769a5245736db0

SHA1
9cbcf26376fbb3b203ee2666ed33e02bce22e11b

SHA256
ec878b7d0bdde531b389aeb0ee522362aaf68ac4a4bf67fbd4cf0d5ae29e9bf9

SHA512
3096f15726bacf0bdc80ae6536e743ad063240350d60e9c3886d298aa92bb08bb8a01851c3184d9442c8ea4819f7b1908b43edf82228a69acecc06dab92c53ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fcde.TMP

Filesize
203B

MD5
d5f3162001edbd8aece315763df0d5b1

SHA1
d67a10cd8b1e2620613e441e954de4f1b11767a2

SHA256
f480eb101955c3cd3289bff6566af8ec0515a65d73552e3ab1950d65c633341d

SHA512
cd6a1a4db5e1087d99a4d33f2f8b5493e968a917d365a8a29eb03eca8738115c08e5fa277a79867267beaab46ac789d3eeb22d8e70feddc0741c30572d3f6b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc626a0e4dd18e05d411a83063a86494

SHA1
5df3455ec55929c3a26e4f298e00b1274ccff950

SHA256
fb82acd1c6e9188238ccb25b127074428a3730ea08676994bd5802182b602852

SHA512
bc77b228f55f255d3f0111ff84e5553b2a5f4a8ca32094f82f8576cde158afc9ce98d79277e2c5def8e355012d9523397e65a2b39ed5988bd3f6d5e0cc63814e

Download Submit