d07b2c031f2749894e1f552a3148718493d507b477470e9953fa32e84698bfc7

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

157ef31c331de2b0496f135179447374_JaffaCakes118.html
Size

85KB
MD5

157ef31c331de2b0496f135179447374
SHA1

b544ef4e31ef76a518c51e29675fa8d1171444ef
SHA256

d07b2c031f2749894e1f552a3148718493d507b477470e9953fa32e84698bfc7
SHA512

991ba161fe82596488b8d7e7588ad7ee78be7a5c749095f43f455bce34b95420fab2c2c259f9724a23924080be0b880514f46485af001429212725d0fd46ab01
SSDEEP

1536:2+ipVn1BUNqvLKvr7R/FnVmWCUcSo0mjiMpbqqvmznhKv++nPLB1Vr:2BvLKvr7RTSiyuznhKv++nTB1B

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
1524	msedge.exe
1524	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 4924	1524	msedge.exe	82
PID 1524 wrote to memory of 4924	1524	msedge.exe	82
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3924	1524	msedge.exe	83
PID 1524 wrote to memory of 3588	1524	msedge.exe	84
PID 1524 wrote to memory of 3588	1524	msedge.exe	84
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85
PID 1524 wrote to memory of 320	1524	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\157ef31c331de2b0496f135179447374_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffee3946f8,0x7fffee394708,0x7fffee394718
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,10582514648301353171,11351350110830964542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,10582514648301353171,11351350110830964542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,10582514648301353171,11351350110830964542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10582514648301353171,11351350110830964542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10582514648301353171,11351350110830964542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,10582514648301353171,11351350110830964542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c5f3f15a96fc1b2c0b99058c8350b7c

SHA1
505d6dc123e5eb1060fa3557bcb97f4d962b80b1

SHA256
2d4ce23ce7e360b259c0e15a7426956324323f68beae8bb8639996ac2e95b7c4

SHA512
b71e229ec5d36d714efb4922b635ff2d53a670ee838446b95b7babb36522b80d73e207a74258cd8cb8bc3e869ef0daa79c4d5f3149f89ccac27788ded9c97801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a34b05fa563be1719c8867981adc600a

SHA1
9e8675589566e4ff164ad81570801ad03c72412e

SHA256
ebb3cd7cad923b72494e1c182ea3a2e9aba17469fca409bd0575f3b84f222c3b

SHA512
1b09075803df3af6e1e972638b814e92f3abe207055d67ce18ea0952ed04a8ff017f46bbbc62d3a97b92e9e0cb196f03603b6662f8604f4dc7f8ae526d9a8855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
10608386045764a4763d8a6476598a59

SHA1
306e03b66c4a7256ef618f34daeaa27c68f4599b

SHA256
afb8293eec935db2b88662f3506a3237ec533632812b1aa1f947534de06340ea

SHA512
edc02473f67f96d1f55b821b64dd7dbfcd2bce938927858cfeff44fab7fa912017f530ba8102a8fee5aa828cb818913926b7b6283a7db3343456d46724d35b74

Download Submit