a91d7e49d20c86313330db2a644bd97ec20233ad8235d17f7decf0f356117b17

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bd791b36bfc5bb378e2012b30af1feb_JaffaCakes118.html
Size

214KB
MD5

3bd791b36bfc5bb378e2012b30af1feb
SHA1

79e79ae00fc122de975355228a7f68c2f94b6370
SHA256

a91d7e49d20c86313330db2a644bd97ec20233ad8235d17f7decf0f356117b17
SHA512

2b9a9a20d06a024ee084aeea02cf9e86c3d993f2dda39e296d76ea775af578e854916c3013703eba92bc00000db06b9b0a096fe8df39718439129e7a63b28ff0
SSDEEP

3072:QrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJwp:Iz9VxLY7iAVLTBQJlwp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
2728	msedge.exe
2728	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2728	msedge.exe
2728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 4744	2728	msedge.exe	83
PID 2728 wrote to memory of 4744	2728	msedge.exe	83
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4588	2728	msedge.exe	84
PID 2728 wrote to memory of 4884	2728	msedge.exe	85
PID 2728 wrote to memory of 4884	2728	msedge.exe	85
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86
PID 2728 wrote to memory of 2260	2728	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3bd791b36bfc5bb378e2012b30af1feb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8980046f8,0x7ff898004708,0x7ff898004718
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6525169227566037561,8569112036468072798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6525169227566037561,8569112036468072798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,6525169227566037561,8569112036468072798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6525169227566037561,8569112036468072798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6525169227566037561,8569112036468072798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6525169227566037561,8569112036468072798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1304 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\64179d8b-895a-4f59-bd5e-43e8ae197a6f.tmp

Filesize
10KB

MD5
ba5d6f29313744a05bf2505a924e54cb

SHA1
8c42b974b174dddb67d1933e61c6c58b14e259ba

SHA256
8e1d3608cf1f7009a708e6d94b6d1d2dea42479a82dc8cde919f3668ed781f12

SHA512
f557bda524319e6536f2383e553526e4364cdd97e2b90e382da001d3d8fffedcd3e30b9c103f50ba68c847dee2eead1d155cc1760fef89d3a0f4c67cadfd662f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd6587780e0890c280bef77ca9a78b80

SHA1
6f268862386ae45b4c3e50b0ff181399c68c0905

SHA256
6c6afc40f60c19cbd85e99c52ee95f3349d570171f154ae9f7ec53e7f70032eb

SHA512
0e8a9d78b59bd54c0777c6c690e80f881a09aa86a521b38e1079394b0ef8be160c7c53021a859d91f56c732ec9faf86b59e2c7079b4a70de12eceb10ab71dc53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c8dc4df14aa9bb732b3a5a6b1e48744

SHA1
80901b6364963516d025aeb041e69efff6ae5585

SHA256
3fc001a9de8e14f1407eb537f47732891743e91e14ac330572f8d3fc88a29d4d

SHA512
3ae8dc5a3d2da3504d347ae68817318bf590dbe14d68ca10255e7d1f63d41947d5bbbb7b958a8881a06018a8ab54923238d9f118d3bbc817293e44c20d29fb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2656b4b3192acda2c25860eb2acb25cc

SHA1
d71de55200eec9e8d0db80df76de3b89f16914d6

SHA256
581f9a0b5afdeffab67911e501e57be483b91f5c2a14285cdc052dbd61bac0c0

SHA512
c4aa72df8d65e670b64075b12f9ab91645a19d64c7f2ad3a44f3d538aa899f7362c4d14ace57030fb6820fafa9f5e26ed0041b181b88beafa71632ebb44f5bbe

Download Submit