ca0839879342583c5843a3b4d556db0009998c2b2b667f8d46ff351ff92831f6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 16:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0fb40d3ad87e17c92e6d1c0755142219_JaffaCakes118.html
Size

142KB
MD5

0fb40d3ad87e17c92e6d1c0755142219
SHA1

039820c4b3a26dd2699e601fa475ea6c04f70eee
SHA256

ca0839879342583c5843a3b4d556db0009998c2b2b667f8d46ff351ff92831f6
SHA512

2f3b8dd81233c2100209520326d495dc111746cef060930ff81bea7f2363daf9bfe6014fcaeb788c377cbf9904329920ee48a3dc515ed7d76013a75142875b50
SSDEEP

3072:SS1H/IM9x7dyfkMY+BES09JXAnyrZalI+YQ:SS1H/IM9x7osMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
4376	msedge.exe
4376	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 2184	4376	msedge.exe	82
PID 4376 wrote to memory of 2184	4376	msedge.exe	82
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 4556	4376	msedge.exe	83
PID 4376 wrote to memory of 1300	4376	msedge.exe	84
PID 4376 wrote to memory of 1300	4376	msedge.exe	84
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85
PID 4376 wrote to memory of 4240	4376	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0fb40d3ad87e17c92e6d1c0755142219_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb6b846f8,0x7ffbb6b84708,0x7ffbb6b84718
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,17499202649418631868,6637095862640857603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,17499202649418631868,6637095862640857603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,17499202649418631868,6637095862640857603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17499202649418631868,6637095862640857603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17499202649418631868,6637095862640857603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,17499202649418631868,6637095862640857603,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d2714cfbcc614bafd2aef8659df16aaa

SHA1
7981c45bd249d27dee80ad968f1bdb2e26072ad6

SHA256
bf9a2209c9536af7de8354f3d23cc441867763a8ba3c67933ac782e47899eb3b

SHA512
ff7fc1ed792fe9cec03cf6653f88f65afcb6bfc197e604653327ec203a643ad653da4c9a28172edc5b108bb7e65e9d319875bf6022c8b35a7501ebf62db94927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a729f7f38a1f45adbc1951e1fbdbc417

SHA1
9b9c0e4670b1ef62d54750378ef15029a81c4369

SHA256
2bdd36417dbfe6157bccaf1ba3d957743f19abb0f2e89bd78aa1a467defd6ca5

SHA512
7b0067e8aa0046bbafff0adaebae8877de11722664785b7ec484cc931d8c4f27ec88aef92a74349788b64653e2d864b62a4023f7e615d905a723ce929ae2e2a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d43a4430fecf57b4122630a011b28080

SHA1
b85caa78b453fd4ae29510894b721a93297c2cea

SHA256
c3389c598a6ec48e2ad8a4ee06c1f832b68af2b436a5d8e86b6e53fca4846deb

SHA512
ddb78a6ede0021da5fe8f668154b5b7f4890a1e76627616f8bc8c4046d359003f48a4189ba7e988d30057eeff64dfc8a34ddbf1f42003a18fe029840f7fa1b57

Download Submit