0720fc1433e8f67fb7f01e4bdb4d086b50ddf914707f41971e369a534cb711f7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0849d403bc66aa762f7b6b6a891f3fb2_JaffaCakes118.html
Size

139KB
MD5

0849d403bc66aa762f7b6b6a891f3fb2
SHA1

37d1bc3fc946109271e4d153afe1267681a1cb61
SHA256

0720fc1433e8f67fb7f01e4bdb4d086b50ddf914707f41971e369a534cb711f7
SHA512

d3a9ab14feccb62661f72f8f9be8ecb6729e7d27195d7f6dd90245d88b4702c5a27d12331d4236caf1357d8ec742a8295743c200e1af618df2a3e84295becfbb
SSDEEP

1536:SWf9LgHZ7HylzqyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SWfi9HdyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
1156	msedge.exe
1156	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 1300	1156	msedge.exe	82
PID 1156 wrote to memory of 1300	1156	msedge.exe	82
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4904	1156	msedge.exe	83
PID 1156 wrote to memory of 4560	1156	msedge.exe	84
PID 1156 wrote to memory of 4560	1156	msedge.exe	84
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85
PID 1156 wrote to memory of 4412	1156	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0849d403bc66aa762f7b6b6a891f3fb2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc437c46f8,0x7ffc437c4708,0x7ffc437c4718
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3616295328281335798,1708110450330679157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3616295328281335798,1708110450330679157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3616295328281335798,1708110450330679157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3616295328281335798,1708110450330679157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3616295328281335798,1708110450330679157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3616295328281335798,1708110450330679157,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff244fa170eb9cd640941decbc748f77

SHA1
b5b3cb7384d42a1f9ddb0339b267f16bd772453e

SHA256
86f0f416d50c835b656fe6a66860643ec84cd3274b8e4398baaa93774af2688b

SHA512
2defbb1e47c03c582e2f78c4ad1c625fdef733837e4d26dc95db7dacbf8a9cee1a05a0d06433b08879399eba96ecb349d91d2d0034e947e67f35e671e9ec435d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf3e80befb338cccb9255ebb0edfa056

SHA1
076843fc610b6cffb3ec86795694a6ed391670ca

SHA256
33ca83f0739d38d0ef078eb2f7209c6936c5d06148d32dea9587d7adc6fd6258

SHA512
021965c95663e90368bf14e8242f27a303319781ebcec10a10da539727b97fb6dc97be14d9331f9f105f4701ab807924ea75c3175dace546c825a3f202fb9f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c36c76c1fd38781aa4bfcaad574ea05

SHA1
8e6a1dd3f6ee3c61b9a629eb549ad55447b54e73

SHA256
a2591366db835ae5be6e53c74d9e090cbfcbcb26618e28159efc08bbc9371581

SHA512
c487f258ce5864c9f76c5066634cc25c6697f1a5b86e2fd10f42d07508c24779f778c79d8c7ef2aed6e9992470edcad313a7d7d7f35e8e4056cbc80695aace4f

Download Submit