ca7c6ded8e8e92840c179232b056f0de0c25af78b72bbae14f1e0abebe79c891

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 05:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4f35830c802b2fb2163b3d64bcb5091_JaffaCakes118.html
Size

214KB
MD5

b4f35830c802b2fb2163b3d64bcb5091
SHA1

d12ace1e543b37d0f0b56d35b743c9cb5101f95d
SHA256

ca7c6ded8e8e92840c179232b056f0de0c25af78b72bbae14f1e0abebe79c891
SHA512

710ef5d59a89b3448a20c4f831862f602847a247394878024beaa3b26f89eabe63c432f89991e89b361c0b71c9c3d0f58d070944e25e50e9f36659de1ca368b9
SSDEEP

3072:prhB9CyHxX7Be7iAvtLPbAwuBNKifXTJT:Nz9VxLY7iAVLTBQJlT

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2628	msedge.exe
2628	msedge.exe
924	msedge.exe
924	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
924	msedge.exe
924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 1488	924	msedge.exe	84
PID 924 wrote to memory of 1488	924	msedge.exe	84
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 688	924	msedge.exe	85
PID 924 wrote to memory of 2628	924	msedge.exe	86
PID 924 wrote to memory of 2628	924	msedge.exe	86
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87
PID 924 wrote to memory of 1596	924	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\b4f35830c802b2fb2163b3d64bcb5091_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8e1246f8,0x7ffd8e124708,0x7ffd8e124718
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1210301090322923940,15002782750073448549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1210301090322923940,15002782750073448549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1210301090322923940,15002782750073448549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1210301090322923940,15002782750073448549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1210301090322923940,15002782750073448549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1210301090322923940,15002782750073448549,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd45a1f62cddc464b5bc744c24a10510

SHA1
7e8b12e69102c1fe6e1511349de2340557106553

SHA256
9ac91e554fbf9793dd3c17ec9638f05be8c364a2b02299d944ef665b0976a1bb

SHA512
829b143c946ecb190980d84e8e78e266388dae8deac5bcace50f93513da9af14247e7e6e9ad6ebfcd9976465680cf6027dd374fe19717052c6ce2e3f1470a826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
167f886d5997ae75db7002f735ab12bc

SHA1
b74be906cd4bfad6f06a68968c1dc79b78c07dfb

SHA256
34fa14a5254015fa6627a86949855bd97f9fd441c7a3df2eced5a528733603bc

SHA512
27bd2409408a838565707fa1236849863adcdf699d3d0c534940d1f372510eca87ca15610c2ba9e78f88c692714ee0327fe41be2167dda31c254bbea8b1c5a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1932b7391d355cc0038be96a6c1731f1

SHA1
5663605e252d2d3c327856d17f2857530a11aabb

SHA256
bb0bb4eb3f0d8885235e11f77832272e34bda502fea96924178fda60867a5581

SHA512
e7a400093632a8845cc63809db4beaab8879fc941ba2d0eccaaffd01331a2254d12db768fc97237ec22701f676fd53984668e946157799bdb7cee82ce14b9ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6d5600117fa522692ff38062149ee5c5

SHA1
d7329443d5534e016c77d2a8bbc1086b16529b20

SHA256
b4a2d19561440d5d13f71e5d329b2fcab4571de0dcc28af3bc9fbb8fe200115c

SHA512
9edba21affc654222e4a719991bfb9ada6190528de0a3b116b38f9892fb468a5028b504a48f2c793130c0ab42edb879718ddb8359b28829a09633bbc6512175e

Download Submit