4f64af3063fbe1fe71c9e71f9302bcb798e2b3b0c9dcbba4a50ae925d234256b

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 11:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3f7d018ef5a982035a5efd42d04f7e19_JaffaCakes118.html
Size

31KB
MD5

3f7d018ef5a982035a5efd42d04f7e19
SHA1

6bdaa9836e68a4401571134542040cfd0d27dfe9
SHA256

4f64af3063fbe1fe71c9e71f9302bcb798e2b3b0c9dcbba4a50ae925d234256b
SHA512

83a56360179eb0603e3ff802a977e3e9064e0c3e95cf3f12657b07594cee1d6b537a20fa9e5e864a8c1e1bd503569f16ffa1dbe830c37b137a365351880273bc
SSDEEP

384:d9S2g7bxnT0EipB0JnK4zTjodlfhhKKPd0FfMjPBPkPutQQvxH3lQTb/ASxlbXi7:d0T0EipBknKModBhxClaJ0utzWfDG

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3008	msedge.exe
3008	msedge.exe
1724	msedge.exe
1724	msedge.exe
4996	identity_helper.exe
4996	identity_helper.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 3136	1724	msedge.exe	85
PID 1724 wrote to memory of 3136	1724	msedge.exe	85
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 2980	1724	msedge.exe	86
PID 1724 wrote to memory of 3008	1724	msedge.exe	87
PID 1724 wrote to memory of 3008	1724	msedge.exe	87
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88
PID 1724 wrote to memory of 3944	1724	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f7d018ef5a982035a5efd42d04f7e19_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81e1e46f8,0x7ff81e1e4708,0x7ff81e1e4718
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,5033012933972211894,864330294494744263,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
395B

MD5
94e76f29def1de1e19c3e40d0b26acfc

SHA1
45b88b44bd866765312bd5bba89f72e844e9c341

SHA256
a1f8eb789a31b27253983d20b1447013b7edcd26c88c68a362a4a448ca2bc54d

SHA512
7e1a3f34e137ef0e356de7e7475f6d19cc1720257a71ab39b6a3e7eb57048371bbd72aa57c6dab69bb50443c8168299a454859056e93df6a8920bc5e4bb62a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d39d8757169a1a7bcbda42d09a182c6

SHA1
3576daecb35698d961984514f13838a490eb80b6

SHA256
bc3a1207dd8acb7bb7ef2306b07260fd203c39a23d0c7bedf0cb881864115b5a

SHA512
346485a8f7cefbc7ff97a90974a1ab4bb3947d700ab94576149b0627296e389384cd443fe4c9b24ad75f442ecbe7a69b14efaf146fe8675ba360945096a09736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60041629b5791f67cc03324144ae421a

SHA1
f7560b83e4887c91301ad040842d21449c9ab4cf

SHA256
413edb38a2f084e69cc12a495fb5ab91f0f6c8fbb3e978a746cf41df4b5d0e22

SHA512
21453d11252dddfde4b5ddc33e37d154765c2a76917e56225d5042e0f35445f110c7c1f1c1f7349a867ff2e2d836f563e456457ec84539d0036a80be966753f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50bc2f7237ad6305f518531850a6eada

SHA1
bd1f651ca91f8ace3f0d92b8a2af00627b50e5e6

SHA256
1d6aa276d8bebe011ba84f2a1639eacd3105e0bc387f710094bc42c711047fbb

SHA512
055b77a3076816b9eb1d25f0080b3857551f913563ba8f6d9c3f1f86125256bda3ed87fd853155335f88ec40fac0c584936fb58fdb6b223e2af6f3298ab58829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
46017ad9135a5b0d69ad6beb4f875309

SHA1
1cd3911a2ca3d85cb71d747224ad9a147624f905

SHA256
d27f853ba8414ec8af5912149ccedd47b786f7e7672e435e2aa88cf659cde9dd

SHA512
fe0c79c2fa454c20cf9517a0c708cd25be2f20ea179fec67c6c7b2b6d61514be7bbdd40e836b7e3bfe80fc23c42b2fbbac50940bbdc87ff28554ae078e3bfb87

Download Submit