ca03fdc65d37a4584c0a70c52bd15c01d53265ee8d87093e49f84cfccff908bf

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0014d9486b8228a52148b8604f3d61c9_JaffaCakes118.html
Size

214KB
MD5

0014d9486b8228a52148b8604f3d61c9
SHA1

4660cf8f3173d9d58bbea803ee9bfd6e747fa18c
SHA256

ca03fdc65d37a4584c0a70c52bd15c01d53265ee8d87093e49f84cfccff908bf
SHA512

5abcd790b9843c43c0907016b60534dd41dd49932f45c8351fddd3e12235194c98a60d4ea36056cabcb52f0a83424e400cb4dfd0215eec1e69b1522213b76cac
SSDEEP

3072:yrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJA:az9VxLY7iAVLTBQJlA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
2260	msedge.exe
2260	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 5060	2260	msedge.exe	82
PID 2260 wrote to memory of 5060	2260	msedge.exe	82
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3236	2260	msedge.exe	83
PID 2260 wrote to memory of 3880	2260	msedge.exe	84
PID 2260 wrote to memory of 3880	2260	msedge.exe	84
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85
PID 2260 wrote to memory of 748	2260	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0014d9486b8228a52148b8604f3d61c9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb61a646f8,0x7ffb61a64708,0x7ffb61a64718
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15191390396006682939,15534936393697780774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15191390396006682939,15534936393697780774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15191390396006682939,15534936393697780774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15191390396006682939,15534936393697780774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15191390396006682939,15534936393697780774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15191390396006682939,15534936393697780774,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
29c505168ca38891d6a3883834743d9d

SHA1
0e9b6a9996de238e4f842af94cf7a2a92e87e394

SHA256
cdd0abde1b5cf1b8fefc50fdae102ce47c10449364b6df0ad8d2b68485268bc4

SHA512
e2756cd69423c60f082e416ca123a3c99ad669d8b636403cc623b756ea7cb8b5009ad9d83223faf89f2ca0b77da70b0affcf500600e4245d738b8b50cdcd5eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9302163f5bf3baa2d430a5a609dc4add

SHA1
1067612cdd57eefff0af2dbd288048e879166dbe

SHA256
66a79ecbc8e1d1ae892a2f74be6003fc3ee8d975202eea71a9200a0fe3039570

SHA512
6f1b2035334b9fb58560b5ab1a01ca9b0a6ee30263f39b3b3858b7517f425df5cd14adb3146095b1917c12cc25050e3e7c6ccf45ae049db2c5da07bee99f837a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f3e23eb8ab1f16078cf39f7c3e7f7c4

SHA1
76dde3036ea36dd95d9e5c58f1df49dbe796ccba

SHA256
e7a45b4d366afd4fef8001a2d24b6e9e3b3f7090ec6fc9575ca5652064e320f0

SHA512
4d6e0be2241ba967c2ef33ca05cdfb264cc9391b12786adc1f838eac3ae09f88c828a762a28fa1af442583fc6727419049ff098e1dd8d69399f473ee892ab311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7482e6cd8fad80f6c5686a351cf411ac

SHA1
83253c329c811136c3c4137937ec42fbeaed1da0

SHA256
8d7a982afe16f2787ed61c062ec12ceb9a66513db6a8366ef49d5b253571af20

SHA512
7f1e8adb2f603e1a25b43fe0f6a1d0b8592f50fea00cef19e263686c7408bff8e60fa70fb47704bca50acb72bcfbcdb42fed4f5393de72227880580467cfd175

Download Submit