4c36ecbeb4d5c792c2fa18c9617d6c77abd566ca273edcfc78a9185279343a05

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

279fba94c85c9c281d3245cdcdd5128a_JaffaCakes118.html
Size

139KB
MD5

279fba94c85c9c281d3245cdcdd5128a
SHA1

18ea660efb3034d0a1aaa62aadd0f7ee569d0e30
SHA256

4c36ecbeb4d5c792c2fa18c9617d6c77abd566ca273edcfc78a9185279343a05
SHA512

c59f48b5dbfc5754658e5a13a9a6ded05e042bb8bd229df247a25d110141e40c0c845f397daec9dd276e124eade1fe0a7eb18774eefa0335d1a30a5dd7f11526
SSDEEP

1536:SUNLQ3C1H0oI1rzhqIily+yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09M:SUcwyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
2352	msedge.exe
2352	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 1932	2352	msedge.exe	83
PID 2352 wrote to memory of 1932	2352	msedge.exe	83
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 3680	2352	msedge.exe	87
PID 2352 wrote to memory of 4524	2352	msedge.exe	88
PID 2352 wrote to memory of 4524	2352	msedge.exe	88
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89
PID 2352 wrote to memory of 3000	2352	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\279fba94c85c9c281d3245cdcdd5128a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda8d446f8,0x7ffda8d44708,0x7ffda8d44718
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3260705145804556503,4132805078083497668,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3260705145804556503,4132805078083497668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,3260705145804556503,4132805078083497668,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3260705145804556503,4132805078083497668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3260705145804556503,4132805078083497668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3260705145804556503,4132805078083497668,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
150f04b3c0a4ee0f2c1b3d75adf17357

SHA1
ec1e09ccc34fe16227ba41749b938ae70aedd76f

SHA256
c6965427293a2ad8071f8638a0403be9980da50e3622f2e98e6ad22200b13dd1

SHA512
f5b2696d204dcdca571536f1371afb07057dd645aafb528d9feb3cacd10a476a07693b4306d2a3164c095a101ede68adaab16759fde01ecb5d691ca71eec662d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3eb66329108395e1a9026f51d1c470e

SHA1
1f87c63cf6ce8e0c6ee16b35cfb452a11e5548b0

SHA256
b5cabc19c203adc9e30dccf1c6b81a7a30dab697d283c84d0e84836cfe169598

SHA512
e7a210999e64e4d1893b01127ba93a1bfca4e3ad9c2ecf147e917299f7212ef8ea696a22cb8eb061b9a1b3ad276099ffccbcdb27ba23651faeddcbf40a621dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8e920797c6dae3e61feeb75512f8779b

SHA1
6966002ee3d377bdd9a0d487723efcdae751a5b0

SHA256
5c4cc1633efca8e1a86905675bb91b131f752bea229b6e4f64dd2b4910f9291e

SHA512
e7046bcd7ebda1f79cd1c94b864922c8fec24c6f51d4951325a2d7f0ff43f505e6923d9cadd18a8ec60aaf2bcb06175424fbf5c9adbabccd8599ebd360c0e681

Download Submit