f3360002459171acd148d9568cf79bbcf4b1e1a9445b0399dc1b977503dff8c2

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ee81619b96b0ef9a22898cbdf961876_JaffaCakes118.html
Size

172KB
MD5

0ee81619b96b0ef9a22898cbdf961876
SHA1

dc065abe4140f0c9da981f2aa52cea6b494ea2a3
SHA256

f3360002459171acd148d9568cf79bbcf4b1e1a9445b0399dc1b977503dff8c2
SHA512

5cc8df64bc1b7e4a5387c6efb9a921687d843aa3a5394f474f35b301a19a689c4d5a6002d887601f6e9725bd33eb26cfcfc6f4295e51ff98a1d490df08465738
SSDEEP

768:b9Llbi7HchP46ZPxgj5PM4Skj3tmwZ3IQIBRrF8PmrBbWR3VQvtm3QZ:bBlbA8hQDMSIQXVQvk+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
4580	msedge.exe
4580	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 336	4580	msedge.exe	82
PID 4580 wrote to memory of 336	4580	msedge.exe	82
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 2808	4580	msedge.exe	83
PID 4580 wrote to memory of 3232	4580	msedge.exe	84
PID 4580 wrote to memory of 3232	4580	msedge.exe	84
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85
PID 4580 wrote to memory of 3016	4580	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0ee81619b96b0ef9a22898cbdf961876_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa08db46f8,0x7ffa08db4708,0x7ffa08db4718
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4461336586590372205,10333541358074342337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
  2⤵
  PID:1272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
cadd2a7f5caef1fa26d4581dce767e90

SHA1
1915375a8105577aef63722a4e255e27e54d23cd

SHA256
17188a52e19a9b3e3b096a28017292f9453eba1d616a975310fc474391d18ecc

SHA512
3e820df7a317a505ee0904051f406263810adccfa1187a4ce9873fb515bb1a19965de2bdaf87e43ae781244b4267b1d0b71c9466aa12ea821f24fff747591d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eacb9d1c045b864106b157806a00da5e

SHA1
5718f1ce41248c5dfe4ef22374b5b8435fd4e219

SHA256
5964c89f7820574fa724f60ce022e39661aa8b7e7a66a6b0d78b6def6ad58d19

SHA512
37b98c4afcbdcfe04cd34fffbb5fca436afaafe37ab9037f0aa5e0cc25532c3807f3fe388d7a26d7804b7cbb913b270bb908846195708a3fd4055c928b104adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a4150bccb870ff2496570c789df73fa1

SHA1
66b35f58d73a806a001df1b52796d46aa4b286d6

SHA256
b3a1f9cb6737be156fc795ca3a21fcbdf2cd4e60462720a0079805687c0291db

SHA512
11e70a108d737e9d8247abc1a6edead97dc0d67656414261a96af8caae5748f5f272c6f2c9e3f090d72f2bdfd8aeb34bda268d9d8151efdda4a06932760413f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6ef6b4f166059dc57be0d36d1806142a

SHA1
f51d172c8daec5eb10bffe71891c58954400da76

SHA256
6e3fe42c147b74a7090986e59523ac6b0e6cb85e868091a1ffe5986073aa1c53

SHA512
edebdcf5e01b65a9abbd6c4b2cad9b0ab239f6fe60db2fca48a1a9b4a28f6040fbaf584e5fdd3b11d763732eedf2d59ea288f28249008b82e40c7146b9cf9d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46b569423aa86e54db34d557bb4677df

SHA1
2b4b54eca256cd96a8c9faf96b3ff65990117bcd

SHA256
2d5c4b27d6d42d3e9339718217aa42707bc682be2cd2d9487d0481b5c4851111

SHA512
4950950355775b2f7027ced4c18c58ba4f9a861cbe4eaefdf888d402ac1d01cbc418f785818c938bacf26c3694b8690426e6f6c08da008042995c873d7e3854b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
36b89393a3940fa8af1fbfb35cc99dc7

SHA1
48e2069df64d85e9a329a79064a97c9b6412b895

SHA256
092ea955774cf702aba7537e951a5bd1de5e80882dbee198ee7dec7a3b891354

SHA512
01468c31e5d20f6ab516b1f10d3c53e5a8ba7a9fbb999033322495e53f30286fdf0f17cb4e74cf426cd938d0209fc11dcbdd0759ae5ce75fab3a4b60d61bbbc5

Download Submit