64af236839e7e98eddad2c0933b69fadb1d4d1166678fa956725cb5e72d7aa2b

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 07:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f5766bc7be4e4458f0f300ca6b9981d0_JaffaCakes118.html
Size

201KB
MD5

f5766bc7be4e4458f0f300ca6b9981d0
SHA1

cb7da82c387a162cd92e504bbddb2638e84cd2f8
SHA256

64af236839e7e98eddad2c0933b69fadb1d4d1166678fa956725cb5e72d7aa2b
SHA512

eb9dd8beaf4d8c91f8692903822136cd36e4c7150b15bf09f2df7964fbbf00f32fc259605521bda45696525bb6a973fe79771eaf301ac8e580d0f773825525cf
SSDEEP

1536:kaK1vsYA+IexeogtAfeyEBDXk+OFBmdpm9VLeaHj/GIGvM:dKgDXLc1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3832	msedge.exe
3832	msedge.exe
1348	msedge.exe
1348	msedge.exe
1876	identity_helper.exe
1876	identity_helper.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 4036	1348	msedge.exe	82
PID 1348 wrote to memory of 4036	1348	msedge.exe	82
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 4188	1348	msedge.exe	83
PID 1348 wrote to memory of 3832	1348	msedge.exe	84
PID 1348 wrote to memory of 3832	1348	msedge.exe	84
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85
PID 1348 wrote to memory of 5008	1348	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f5766bc7be4e4458f0f300ca6b9981d0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffaa36446f8,0x7ffaa3644708,0x7ffaa3644718
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6657304506594488642,17375049914259987720,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6cb19ca3-1ac8-484b-8ee0-3d16dc956557.tmp

Filesize
5KB

MD5
2152b94f31cece5d8006093997d40e63

SHA1
7a0c6f7244f0336fc065308e3db2664488b4aaa9

SHA256
2274704d2e25f42cf867f3d2e5eb517657ae4faf2bb508c245667f4e4d68517f

SHA512
a29a7696a066cf8085310aa3f3fc8506c6962475a000a3b131c491055830c0681c24b4c09ba58ebd380d84f79b2c30223d43d96a5ce740af3148ef0c91f8990d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
255B

MD5
84b28e8ffed9fa0b8f6a91b5b31b308d

SHA1
efaf4dff37c34966c481eef0caf7dacee9e2a78c

SHA256
cf81f066b1ba1e869f5551bbc61c497d91035e2afcb750c3e63d5c7644b0b29c

SHA512
a838f81d13c5ecf02aedcdc60159f4b3f6e22e1f14c566ee3b2765e5645fe0eebabe24124ac018ea64986261c904e5bb50512708babe39bde76d7a5ab9280ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32de81f626d2fd978ac5a1b8f8fd813d

SHA1
2a56d1320dc91070ddf4a705a59bbe68e6c3d33e

SHA256
7af01f54ae62ee3cdea0ca9b2bf2b4841118057a7a10f3b674f10d658cfbcb73

SHA512
8b0ed144afed0f8512538d67baf1ff393532f53a86859dbb15894d6495150da9c329083ed693d0a2876fa1e8b8c4732a697ae98758832ceae31daaf659046f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35bc9f3cbf848fda02c2a43acd5e9330

SHA1
3dd7d886f3480f3916cc5ddfff6152b17502a083

SHA256
6a3f68441091872a8f120aadd51f24d11e696886f9b256cc431774aba92bec54

SHA512
07943e964ee622fc63b1c83a5b47c10750b501b0fd0e3887d6f5ef33cff7b8fbe56c139d735f95028399e3559170ab0dec838fd0644369ff2f70b2140745d673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e3dc1177348d8032c71fb617ed1b7cf9

SHA1
cb8747e85c1f8b7d00d8810d1e1580ff13da2909

SHA256
9140f91c133b8e679c2e2f12491030090288a6a34f4691442ea6732e1915aa84

SHA512
47021f8d42b07c6bc1fd7250f04d7f2541e10fc7ee7cb3a7915c1017bd1d8a72f28a7018b8f4a5506d858e350def5367ae1f0ae6d9b6961dfec19c30f9c16e70

Download Submit