917dbc1d00b04a2f08246c66d59de70beb9f09e9c951261c00ffed65f97ca082

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fba486073ff804caf2de9fadbeb66c54_JaffaCakes118.html
Size

155KB
MD5

fba486073ff804caf2de9fadbeb66c54
SHA1

1c080016dc70980012bf02d4e2993d35d9cd65c0
SHA256

917dbc1d00b04a2f08246c66d59de70beb9f09e9c951261c00ffed65f97ca082
SHA512

1f699fe8a150fc3d41445bc930893ca176322873e77f1bd878105f4eb282cb9cb2c57587227cedaa9fe788432035636f16bfd49bd93ad266f9b1f3ef4fdbc068
SSDEEP

1536:SF6TAu9l/15rUyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:Sa1uyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
3192	msedge.exe
3192	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 2356	3192	msedge.exe	84
PID 3192 wrote to memory of 2356	3192	msedge.exe	84
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4932	3192	msedge.exe	85
PID 3192 wrote to memory of 4880	3192	msedge.exe	86
PID 3192 wrote to memory of 4880	3192	msedge.exe	86
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87
PID 3192 wrote to memory of 3132	3192	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fba486073ff804caf2de9fadbeb66c54_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8a1f46f8,0x7ffa8a1f4708,0x7ffa8a1f4718
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9348971620355591840,1236728316996451219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9348971620355591840,1236728316996451219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9348971620355591840,1236728316996451219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9348971620355591840,1236728316996451219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9348971620355591840,1236728316996451219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9348971620355591840,1236728316996451219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f49bc139ae2e6a25fc2fee34913829f6

SHA1
90d0b77d8a70c1a446916c95651754441ac1f031

SHA256
7b53dd1c6c5af0fe6953733cf7dccb2d196a6f375da837bf39fb1a16870cbb85

SHA512
61d3f9670c8af79d71c5d84ae49ded0c7d53cd20641cf90098a4b3f733319975ff5fdcd7f91d6ae21d4069e005f980e81041803feacdee66b98f9dcf20bfeabf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f84d59dce54370c098f997bd947520a3

SHA1
c44d4e48d4ed7bc3f6c78d9efbbf2bb73a556163

SHA256
1aabccf9684c92ea94fcc1b792d127317bd862187fabb670f81669854df5be36

SHA512
6f01bcf83eb9e419a7e1c5e998ef4b6d3eff074da4c24394a7a8a83634d3d76ce50000071a2beb023b70a0109ed2c49bbe87d93528bedec20436b11d5ba7f1e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1162ff9337c5f498b53af1b2b3ae7712

SHA1
cdc82a4e242ed5adf91925aa3bef41d428432153

SHA256
529107de08c12732bd645664c9aacd184e10f075090c1bc1b71a71c021039247

SHA512
b94e0e5c572a3def2b5a1f11eee6137ca77430b030766a897d1db72894ef99d25691a8b7cfde595d8d900733b15c8f48118ae4b50088199c11b3c7185685d9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8e97e6b61c0459c0676b5cdb2b4b2a5c

SHA1
cd1ff6a2f6bcac72fdbe705f096dbd3e200d9454

SHA256
ef653c20648e8020817858850bbbd66dbdfe7f7bba453f3dbce71cc0aabd3d94

SHA512
ad556bbb5ee6a26f07bba3b8f1c874850fc0aaa48824460034fc9db944d0b2831dd47478d56cae7055760b10d275068332082dd4f719b711f178514bb06ebf7e

Download Submit