d6be3ea1472b35e96f3d59c736979be6c6625ecec4dc71e42316d9bc61f55bd5

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebcc9ebb7dc39d8d1090fd3761ba17aa_JaffaCakes118.html
Size

19KB
MD5

ebcc9ebb7dc39d8d1090fd3761ba17aa
SHA1

1641663d5a3270494840934dd6938585f277dbdb
SHA256

d6be3ea1472b35e96f3d59c736979be6c6625ecec4dc71e42316d9bc61f55bd5
SHA512

aa2512c3cc27494ff0c942decfc417a1d1015476f36c9f1257627e98a1a672abca5c5490761a774946b77a2e1925b6224559601d70f5b3bb05178a62e0b8f25e
SSDEEP

192:9K/ypUhTSmiqEWxLTgE9d31yLrNUPl1qrlMQvQ1jQZmyErlsoAohEypL1qrFMlUs:4/yoTdi4LXfcoQN66p55i9iciC

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1952	msedge.exe
1952	msedge.exe
3776	identity_helper.exe
3776	identity_helper.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1836	1952	msedge.exe	82
PID 1952 wrote to memory of 1836	1952	msedge.exe	82
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 3972	1952	msedge.exe	83
PID 1952 wrote to memory of 1100	1952	msedge.exe	84
PID 1952 wrote to memory of 1100	1952	msedge.exe	84
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85
PID 1952 wrote to memory of 2112	1952	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ebcc9ebb7dc39d8d1090fd3761ba17aa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8540646f8,0x7ff854064708,0x7ff854064718
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,1321985282191605499,13543616137670622024,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2c7ed735dd7c28d537ebef844e92229e

SHA1
0d2a2683bc7435973d51897d262e18712c659d3c

SHA256
cfd3e92c5642aae831e061a4cfd7ac573bf38d3816492a0be6232a9f84014e1e

SHA512
b8c4321e70ffe82b3ba2565f1a751829df088e03bb363a255f49d0e9bfb0c2f799268fb8c1535e0329a5d086b62f28592392634998ff7d2902a5625d45a6beae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cbe5fc0ef0a7811fc9d4e8699f395477

SHA1
aa454b01aa0bca367d53ad6e81db3ce3da6b7b93

SHA256
9716e13736de0ea3078056c2834eed9679e1187ce251e56ccbecff340fb89e78

SHA512
1c888047f921a54e43fe9b38666e6622ef7f8bd0b2696ea5bf4470cf02f300fab20175084909c1e2e05c7d70db81ea29eefb0656e87707ebdd212dd081adf871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6cfd1bb113716cca7f48e882206a1db7

SHA1
d5210dc00b17e925197a00f7d04ae47ecc6c1f2c

SHA256
bf936198534f944b1c5ec7ae06bf612d021f4ca570b545d4bec2a080311700be

SHA512
6ca382f3cf4f294dad04abaa13e1d7339b98cf8ae157a8e8bcd8f22e93cbdaf843467a08611b661342c71eaa556839c39486a291963a352527902144c48a5e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2113fa1937fe7ff027bba2e2fa59d7d1

SHA1
cf6dbe5c2890fa32c1f13530ab79a445236856f0

SHA256
5fb1e1b706856d79e009cfe871bf43f9334b5756a7e73cb44efb40ebdc122f4f

SHA512
45b7e58cc3cf52edc6de5f0b32f66babedefaa4c2bb5f6283915befe836b5ece4a5a0ef8a1a584a8e1f4ad69f4cb91eb07fdcf683bc4cb0b47de63e4166649ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f3937137a43b6ab733aa2c62af34371

SHA1
1ffd13330f375eab26b3e4df17ee4425f50bd3b2

SHA256
c4c44f69a449aab1ecb0497cde3ba7409f8007716c7648aa3cb5841836ca2c58

SHA512
95e8b0d40e4b6482d013554984f926107300de63c64680aa31c4a4525f6d5426ece38b962ec877c25879aba952ea32641a75cf7b0c7a67cde6d4b74ce08327ae

Download Submit