d8f736c6eaf8dba3bb9acce198027177f24ee8bb74b8c190bd4ae73e4774dc97

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 06:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

00086483b6c4d38dd7fc32cd0d2ce5b1_JaffaCakes118.html
Size

214KB
MD5

00086483b6c4d38dd7fc32cd0d2ce5b1
SHA1

e0c03d0a6ba0c12575c66a0be185b293bdf618f6
SHA256

d8f736c6eaf8dba3bb9acce198027177f24ee8bb74b8c190bd4ae73e4774dc97
SHA512

df3f6aa476faf518f1a03b006c1952beead154fd4243547af9e902689fcc9e30073c39b655983ab7a0ab3169c44d81a2a503c4b46a38fa63d35598f53a885b32
SSDEEP

3072:SrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJO:6z9VxLY7iAVLTBQJlO

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
4764	msedge.exe
4764	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 864	4764	msedge.exe	85
PID 4764 wrote to memory of 864	4764	msedge.exe	85
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 3504	4764	msedge.exe	86
PID 4764 wrote to memory of 2112	4764	msedge.exe	87
PID 4764 wrote to memory of 2112	4764	msedge.exe	87
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88
PID 4764 wrote to memory of 1436	4764	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\00086483b6c4d38dd7fc32cd0d2ce5b1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8097d46f8,0x7ff8097d4708,0x7ff8097d4718
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7806083781982926039,13046547399741399090,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7806083781982926039,13046547399741399090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7806083781982926039,13046547399741399090,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7806083781982926039,13046547399741399090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7806083781982926039,13046547399741399090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7806083781982926039,13046547399741399090,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c4c359e41e601e587c71171501984455

SHA1
4cbb16d2eb59374ebed7d25927308ffaed159c2d

SHA256
1bf4161bf90e9f3bc35902a5c72dd4b6b0f226f76e2c9dec02b54b4ad5986cbc

SHA512
2670b8e686506bef92feb3437760f2cbe17df0e608daa8e8a25ba43d213b2309377c185e8f2b143fcd872156641a2ef0efbb3347457b770fd613173fed693524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e12492c5d4a402ff257d77b15114004

SHA1
e32d8017debddf5ff524e2ae1eb069f441a787be

SHA256
42720a62289d36f11fee46189511d5fc1d3bfe25ebaa58a1fefa6b9a8f34ba9b

SHA512
97458069900aff35deb4ba9d9091eccb2ab2276538c2f71088d6194eacf4c5d9a31766805a8406c29a7834303f668575d61e5bfc5d4b289e45972878197beb86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26ea70e967cac4fcf78c21fff80679c9

SHA1
0bc92574525fce8dd343572d6d68060198a0a71b

SHA256
5e6b36dc0a0466bf2850e54e8fbdead5c1c5354aa3da257cd533aa37adc18010

SHA512
b8818e6aa4910d00f0699166da42e893edbb25aefc3b89377ac5153951fabf2fa00b6ff57ac20bb945e9b4b12479648b0e56565d1d809ef7462066305fb24e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b26f0e8e5472ea8dc1c6c9e14b76b387

SHA1
6c5fcd7f881e376523fed21468414ef8c35c731b

SHA256
66ac60a3801aeb6b1c1a7bc997e08c432c0cccefb26928cd07932dd9db0482f6

SHA512
30d0b15cdef9e9d83c5901e31e159d83cc8e5d0482d40e3ff4801fca4c1a516ef30c89b5d4dcd983e9bf6e0b1161addb6af408179e3c64c57e80697d83dbecc1

Download Submit