2f2c2554f92b264499e86752a4a0b18f94713f0a5a88b0f7c1e5371a473b2f24

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbe2afa97db99a1165c1125d454212b8_JaffaCakes118.html
Size

131KB
MD5

fbe2afa97db99a1165c1125d454212b8
SHA1

9786ad509a29bcd14d6b527656c1f806332d5e6b
SHA256

2f2c2554f92b264499e86752a4a0b18f94713f0a5a88b0f7c1e5371a473b2f24
SHA512

14aec84f7ff6663f8f83004f634683ecb3bdbf97d18e68007b6798a691193856e33526dfdc93206d54a94efd42cf59d475250101826455cfae24543f0ea23f81
SSDEEP

1536:uhYPTrLl44pE/1HSmDICtJb8lXtGUpt8gzt8DptG1Wd/:RTrLl44pFmDnStjptbzt0ptO8/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
5040	msedge.exe
5040	msedge.exe
4756	identity_helper.exe
4756	identity_helper.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 2312	5040	msedge.exe	84
PID 5040 wrote to memory of 2312	5040	msedge.exe	84
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1992	5040	msedge.exe	85
PID 5040 wrote to memory of 1524	5040	msedge.exe	86
PID 5040 wrote to memory of 1524	5040	msedge.exe	86
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87
PID 5040 wrote to memory of 2392	5040	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fbe2afa97db99a1165c1125d454212b8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffde94a46f8,0x7ffde94a4708,0x7ffde94a4718
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,3990302089061856150,15664037879388184259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
5cd1240513edef3a571f2694e79ab0fc

SHA1
768d5f78b246bd06b7b8c272f299c85832f2cdd9

SHA256
b2b1ed0bc387e9fcfb461ca1525b1d7c7328924fa049896937738b287599d339

SHA512
34ad3fa648dd1252f220b2f78c610e94e4fc6c8d1e3bec4bf92a469a542c8ab46e36ce3caa040f08b77ead0dbe1e58b5a6048c07a97ff78728e01d836418e1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
904B

MD5
d318451c7669715393583b18de3ab575

SHA1
e52608cf1a33fe0d7cbb0ab6f26a4c830b0c1b94

SHA256
0a7f2bd5f3ded00aa0d5f5bf1eab6cf680ac3335d3c168b3e80e10a8fd3489e4

SHA512
711864330605fee784fb7bdddc56ab768c5a35f89e0f49b3f67f11d5ae4d4b885da9aa75ff124d8cb5bdc92eb957148cb55aeb6dfc9416d3b111da6a7cd5990c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c1f25e6b1523a51959614f586518ea8

SHA1
f48045a3b2476514481ef69245cfc9aebc35afba

SHA256
76642f1527602583ce892eb52885fd9b5a7da1d1682fd61e0f55c551df3e34fe

SHA512
bed0aa88ebf463ddf5d6cc1d229210f4330e5f5fe853d8db1dd29c105b90333349b56d564eb1daffdc61b724f2579df75cafd63728da3dc76683ac19454661f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3737944f8a226879917fccbd0bb1c733

SHA1
8add48556c92980649e799087bdb2dea33faedc8

SHA256
75807a8a15aa1d778ea0eeb195a7773c1c3e9f556ca6101ec3bd1c93ac12bda7

SHA512
bb802cc3529208540714e0ffd7a598f0c3d3ca548e6a7ebfc543f17cdcf6d8981fa2b6fc8f9f60ace1bfbf32a0fc680c86045523d2f75a6864cb15f84ec0b30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bf969325add3c62c1237b5252ccfbd18

SHA1
405e42205323f04a05eb0ec287cd7955cce57b81

SHA256
774ce78ace8a1cc4e3458e3f2988c2a2472876ef1dc7bd83d82a6d84b86e1e59

SHA512
4e03200b0eae33ae125618832dcb850d941bbb5229bb8bff32fa7a2082dea4b47dd24448915b3b0d1bfc5df13c43cd9bd5b2ef76841eb30e88eb64866b113460

Download Submit