e0dad3d94c26cd79d708af4111b54d43f8835144253779311a092b655b3adde4

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 20:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fd1fcd3a2ad62b84f990b93a8f382ee9_JaffaCakes118.html
Size

120KB
MD5

fd1fcd3a2ad62b84f990b93a8f382ee9
SHA1

fc0f9421e0c414daab61754e3890c297b0f40070
SHA256

e0dad3d94c26cd79d708af4111b54d43f8835144253779311a092b655b3adde4
SHA512

637ab77b56f071fc7eb6128e2ded1ba761788d3e270b00f7d9ae7b17446cae140b4a1791c7e4a1d3f1bac97f88b48a1a1b723daf212442244cce4a93bb8033c7
SSDEEP

1536:JHv7o3y2708xXxq/CITEydBBDGLYzbi/VODwWqF2:JHTgsBdidyNqF2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
1464	msedge.exe
1464	msedge.exe
2988	identity_helper.exe
2988	identity_helper.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 4388	1464	msedge.exe	82
PID 1464 wrote to memory of 4388	1464	msedge.exe	82
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 2484	1464	msedge.exe	83
PID 1464 wrote to memory of 3868	1464	msedge.exe	84
PID 1464 wrote to memory of 3868	1464	msedge.exe	84
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85
PID 1464 wrote to memory of 2168	1464	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd1fcd3a2ad62b84f990b93a8f382ee9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9723d46f8,0x7ff9723d4708,0x7ff9723d4718
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,94911085857366817,16178902166796883175,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
759B

MD5
c388e3cca5527df7ae80fa2c287179d5

SHA1
50aa8cc0e9b68bba2e75072355c40d94bdea4b6d

SHA256
3687974c2a013751879fb5e00ea96e8ca297b9366c123ff969fce63f579c58a9

SHA512
0596c92218fba199549b6a579e0671630aa3545f4aec9d07dfba908542d9539ce7a99e269541144d6666fcc91816cb51fb8d31665f1bbc97b6ec9ae1635863f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6d5ad3f0f098cf02b786f2f9788d71a

SHA1
52970497ae5f5f276145e8ecc29ffcf302ef457c

SHA256
f4291cddabaaabf9d0445ae0de69604484b1927c7466197bcd5ec7acb64a2d45

SHA512
6a617685658175124568f0d05f5fd8ca40be08d6956e2a8baa8eafe30450c7948e0f4a1a18b4eebd5942c3e88a4f91e1ebe5a772897d834eaa8c49c9c13cdead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c7177abd1ee08c1d73abf291ba7e3a17

SHA1
460a53788921de7091d609e28fa5f2a3813c53e4

SHA256
be3d2446ddb9a46db3af33516b0b200ecc08f496a8f42e9d0bcff3e84818cbf1

SHA512
6cec316e23d1a4fc19cb67e082384d3ab7b1513fa15b4e4c617cee222640f0bd069dcbf5f28e23265ace0b028a254fb1bcfa6b71a2f6c21cd580aa1ae252e01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f2a787b4a05143d7bcec6dbec647b73

SHA1
6223ea5eb6d0177370fb4ddf88fac0f213d3fdb5

SHA256
dbc5cb9563effff2778fa290c34da78ebf56ab5d3efbfa36912fc1c200427054

SHA512
2737de368bba464367f96274a95e6424516b55af0be24ae9f64a603f26c2b6a729d8225e97f09bf37394cec5456c993ef0b10277401acc1ce786c0310108e00d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aa40a9b5d8db04799157742bb7ded593

SHA1
c1582fe86c288a734cd2035edc857a332f78ba91

SHA256
6f5096a1e1d3d756b910d14a7b1ee8e691707a05ef33216268832b3995263b21

SHA512
844285ab971e12ea27908678f830e1673bade31e1cdf83894063aad8ff4b256242b369c65a9725037e0401fb373db6e4c74116b85c97930b7d28ea9e733b7af8

Download Submit