acc7a8c4ee923f7ff2c804eb275d9810725c2d26e646cd6f9d51767574240065

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3d13be3310a77b974ee3a3667e8f5dd_JaffaCakes118.html
Size

205KB
MD5

d3d13be3310a77b974ee3a3667e8f5dd
SHA1

51c50add3911cb84e69628ed0151ea4cf9ab5242
SHA256

acc7a8c4ee923f7ff2c804eb275d9810725c2d26e646cd6f9d51767574240065
SHA512

4521e8791f49a1dcb3988d6254cb0724fbdb54a4db323ca11ce96611611937d6b4131ba05f3db1641f6ff8a4877aa139ddd4603dcf40d27d3eb3cdf259330e95
SSDEEP

3072:UQ4SPZD3UcjvG8rM2hFcXmNRSFlct+KVJK0xl5c1t8KNU3mhi8QcjCFY0ZRxic6A:/JwXmNRK4xwt8KNU3m8v

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
3916	msedge.exe
3916	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 2672	3916	msedge.exe	83
PID 3916 wrote to memory of 2672	3916	msedge.exe	83
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 5112	3916	msedge.exe	84
PID 3916 wrote to memory of 4276	3916	msedge.exe	85
PID 3916 wrote to memory of 4276	3916	msedge.exe	85
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86
PID 3916 wrote to memory of 2676	3916	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\d3d13be3310a77b974ee3a3667e8f5dd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad15346f8,0x7ffad1534708,0x7ffad1534718
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13763660621790219977,13302194803707801640,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
41KB

MD5
9631c594f55c395f07b12046cb8fbf9d

SHA1
cd6532d1689166c19477923c73083eaaf8cd21e3

SHA256
a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726

SHA512
5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
8cbeed7d989bed7420fb23a8a6f0484b

SHA1
012f950b04a8e234c7f0a854baeb9a1d1e634683

SHA256
c3e53c7756031e3fad8851e58b3ee2b9001bee64f53773033b9c663b64c8a3a4

SHA512
929f46d42b1fe5e7ad9f13f7f1b98f42d154c92f7c3138cf247ad3f645e7f192c258b4cd6d3c6a4c03be33d5ad7b9caba0c1000dedf739effc5711334aad9c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
25154cb4862ffca0f774073d2bd0d3bc

SHA1
7ec7a23f06408a46c83593d98bf5ec3ec91b7ab6

SHA256
29a8a84aba0c72687e668825651589529870e6aa63ca7a0a4bf5067c733868d8

SHA512
d01d9274608df12691e117182bfd5de3fcc27bf2e9282d17567c6198046b1fe0660b75b4efbf8ab6484ffe5bf25f1d7e44f0289b9fd35f5b6bc4ef33e2cbb2fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
453f819ff5e205c082c15cdfc991e878

SHA1
9dbd0b913b6a5b9378ddb1b4d8e4d3ebcf78ac2e

SHA256
2688815514b60e4cbcd283033e7d4e5e7659e0ebe40da4dbea16d7d6fc0eb8e3

SHA512
b0ceed790bd51b61a0f521ee45d97e2823d1ccd272de1e3cf4e5ef255a34a4711bce3da615e5b52bcc8a6853ea35901c61675909384013dd31566c77e29c2ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f0c64b853c8f5c086077b09d58eaffed

SHA1
4a4822752c64badb4be4caee16cd47f7883cd31b

SHA256
d7d836f1955e92d81093a266eb429acf014b5590163abf466eb8011f3f70daf0

SHA512
31f3a0b3a47c6e30f7d6ec997daa1c72c4dc2b7d6fbd996a7f1258783fbf4bf6b154f84e549aa95384ada74adceb6dc8ba66b196557484fec8f67f89df734090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
61bc6694fe53c54c302cf09e8c864c92

SHA1
4545f85a8edc9a7289005a6bbae139fdd521ed2d

SHA256
09ba4ccf2aa82a92980a6f4c409465124d43963425f3d4af2b7781cfe115dfb0

SHA512
4e6a2a6c2aa912bb5721c7b161060dac49c5b962803aa68ff0b634811395a8bc221d77a90702702bf25d68aba3ba0abed9d6064eed2400c968ad2ceafc00cc9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
040069a6cc9eb195b24b209afc1b3ca8

SHA1
a63155e666979ab5c6c9e7db7c390563a27b8bd1

SHA256
97f26c3112863fd7e7dd0bd352cf4fe3c5c766af66c14b3f33b7dbc6e7e4dfd8

SHA512
38af940b75e231f2e0a549a57d64a870a1340b4e8d5d4283c9381bc33bed7f199932d01d2f5f2f4cc3bc68e26d035fdcaf2c42b56a831c00d048327788584660

Download Submit