cec1b430708a092cd47a833dc019a9a495aaef16fcf062af3e099f783ad7f459

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a3ba2e4344794b45ffa5c07c14080e2_JaffaCakes118.html
Size

85KB
MD5

0a3ba2e4344794b45ffa5c07c14080e2
SHA1

4380a471a16f2fe1235ae4f7c75768f617a260eb
SHA256

cec1b430708a092cd47a833dc019a9a495aaef16fcf062af3e099f783ad7f459
SHA512

3c5c3d7eb64d769f6d36cc72d051c5db2fc1aa89cdd9dc09897f382d1bf79c11d3abf6a7e04848db14961cd427b5a50861214d4c667a50ba2a1c4b983a1c4994
SSDEEP

1536:L+ipVn1BUNqvLKvr7R/knVpWCU3So0mjiMpbqqvmznhKv++nPLB1VV:LBvLKvr7Ro0iyuznhKv++nTB1X

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1392	msedge.exe
1392	msedge.exe
1196	msedge.exe
1196	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1196	msedge.exe
1196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 2088	1196	msedge.exe	82
PID 1196 wrote to memory of 2088	1196	msedge.exe	82
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 656	1196	msedge.exe	83
PID 1196 wrote to memory of 1392	1196	msedge.exe	84
PID 1196 wrote to memory of 1392	1196	msedge.exe	84
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85
PID 1196 wrote to memory of 4244	1196	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0a3ba2e4344794b45ffa5c07c14080e2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff381446f8,0x7fff38144708,0x7fff38144718
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17994347930523706375,12197876036315501342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17994347930523706375,12197876036315501342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17994347930523706375,12197876036315501342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17994347930523706375,12197876036315501342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17994347930523706375,12197876036315501342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17994347930523706375,12197876036315501342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9da0e73072813dffe665b0f57f8719a0

SHA1
9702a7c1c68a1c8ce305283054dc5e5f7a4e70eb

SHA256
b98562fc3aaf51fe6837ae02bfcc23f9af98335d8f82baf771b7cc3ba4c0bee8

SHA512
33e2d4296be1f46badf01b00fd14a9387f8659133aec39b88c04da477faa4a936c948cb6e5f64c2321bc44eab690cd32a9ec99a695d390e14dcf21c356a518a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
976f5bcb108e7da37e9b39e82be93299

SHA1
c435cee2b930f62460983914c50259e67f8eef06

SHA256
6dcfbd7ade3b1813c8b48eab83a4179359f9c15319edad92cd48dbec51e5e7b4

SHA512
5969331883adc8fb9a16647c3646881b7422b07d0685321eb24add39f74106938f56c6662dc605d5aea12050eb8762901d3a757db64e3f2ed967668a10e01dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
513e9efca2bf1b45f38aa653c25e702e

SHA1
25c5de600d14a4fc36a8b866e95e61dcfc150c43

SHA256
ff10f45ce5514d83b865503a83f510a082fb5ad18d15d8f483d719477cbec48b

SHA512
5c3df974d245ceccc528756a1fcc45f90ff6ad6fe5534bf1bdf6ce8cf87658a833af5a7eb2e72376fe0eed159dd9a927b604c1c4a1ef756f30f6f5c75fbecf38

Download Submit