72c2d3f2b9bb3fe5f299b0242c0b09e32c0dd0925f84698acb534e85ad7843c2

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 23:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

07e0231ece89c10cc7a9326562dda440_JaffaCakes118.html
Size

139KB
MD5

07e0231ece89c10cc7a9326562dda440
SHA1

c3c2ac909a2f3947cb433fb4b3a006fd12be4e9d
SHA256

72c2d3f2b9bb3fe5f299b0242c0b09e32c0dd0925f84698acb534e85ad7843c2
SHA512

6cdf2a21430b8561af2e738db2f304c4aaf3b4f2227a7bd3f74f9741ff2939e22443af696b928496c95166a96d5451e75e59a77063711c8d844fe12dcf3bcc51
SSDEEP

1536:SCQv4NZp/llAPyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:SCQKXAPyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
4864	msedge.exe
4864	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3952 wrote to memory of 2084	3952	msedge.exe	82
PID 3952 wrote to memory of 2084	3952	msedge.exe	82
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4304	3952	msedge.exe	83
PID 3952 wrote to memory of 4864	3952	msedge.exe	84
PID 3952 wrote to memory of 4864	3952	msedge.exe	84
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85
PID 3952 wrote to memory of 3364	3952	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\07e0231ece89c10cc7a9326562dda440_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10624508478281553151,710107739670017564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,10624508478281553151,710107739670017564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,10624508478281553151,710107739670017564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10624508478281553151,710107739670017564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10624508478281553151,710107739670017564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10624508478281553151,710107739670017564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
438437864f5bb7a1758227dfcefda87e

SHA1
9d36dfe28f1a0cd7a7136b2ab0066e657bdb0042

SHA256
2a4dc5f53c98ae2277852cf10357637d1ac5e9e5489a7f87440283e025a26ef8

SHA512
045af36ffd4123e4ae160fdb82b1ca13a9cdfee52be29a5508866e52213ecfbfc47495deefe146392e7ab5d82a2ae6cc0eff42924b694328e1275b3e9b2dde89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19666df4cbc513515d5166ba2a6e9a19

SHA1
d29952526ed52e8de1d60aaffb23a1b660e0ddab

SHA256
51c14ce6143ecb678fcde7a00b4d1be32a2ef7bccac17b9677070ea9e663841f

SHA512
4da86d3d739bffc9d2ed8b9e512f4c2d643a239359faf27d6ed7d98da9bff9d5f9510506b0a4aa68153d1873d8e604769a69e8f00ea08209ddd19642ae355b72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ff479b36498ae0aed65a62ac58c4f82

SHA1
4f7ed9d041feaf2bbcfbff7a0f7fb24412e5a9ea

SHA256
8cfde05d9789199a7b4026e8083da18898e773a52e2c60c15ab19e0086d2cc70

SHA512
a1f169aee583caa8a4c1b311df36bade4204d973f00bef84454b0e53cdb01bb7716fcc5351c9735fed182a0988b69c814dc86fb13c267b06ba3d96673fba87cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c927faa3241d2c86135520b7ae81a12c

SHA1
6ec6f02ef904537fae077361b7dddb783e7f9654

SHA256
e5ff7ab7baca72971d77688ddd0b29dd26f18ee405bce59c12fa7618a34510b6

SHA512
5df202ef3dac22e1da6854426efc3a7b3891261e9f1afaaacb89af2c1589fabcf5f9ffe006ba7f7f44b97af7754968147c95735745e89c995acb4030ff869152

Download Submit