25687bc9432f419307200fbfc6ab2784c94292f75099be7c54d54129412b4a9c

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 12:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6f98a3fc531754664060cb7f059862d7_JaffaCakes118.html
Size

189KB
MD5

6f98a3fc531754664060cb7f059862d7
SHA1

47f86ed68e90978ed228ed6144b29aa0cc9e49d0
SHA256

25687bc9432f419307200fbfc6ab2784c94292f75099be7c54d54129412b4a9c
SHA512

c05fc6d50f7db0d336f7d46c3ac96894972487c685d489187def24c2e193b7c9ecdef9501647a5b782c5d86c7bb14753714ea97aa9f930ab5cfdc89713e7bca7
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fc//oHAmsYL13DEUMd0ScFcZeRZZ/p:szr9LECX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
3956	msedge.exe
3956	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 884	3956	msedge.exe	84
PID 3956 wrote to memory of 884	3956	msedge.exe	84
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1848	3956	msedge.exe	85
PID 3956 wrote to memory of 1924	3956	msedge.exe	86
PID 3956 wrote to memory of 1924	3956	msedge.exe	86
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87
PID 3956 wrote to memory of 3012	3956	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6f98a3fc531754664060cb7f059862d7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb6046f8,0x7fffbb604708,0x7fffbb604718
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,9279202388605989568,13915762074778426060,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,9279202388605989568,13915762074778426060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,9279202388605989568,13915762074778426060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9279202388605989568,13915762074778426060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9279202388605989568,13915762074778426060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,9279202388605989568,13915762074778426060,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2640 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a182b3b155be709fe17dfa911ec64228

SHA1
6d689cb1ed60b325799d56e71a8f0bc9f6d4fe84

SHA256
6a08a528b443750f1da43711d299d6598bf9fb57f5e0053c46866e7aa2d03de7

SHA512
c3b6d536de4d2b3d3960d679d56dc02ef43c6546e6bc92e65f4058504eba6365c81e6ce32a67045ebde46c3955b68c5131fa654cd7b214c761f61cc4908431e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8d7605dc12930877cec9bf73eee47a7

SHA1
fa5880a3f9d9d9633c97ee039584b38cda0a9c1f

SHA256
ca42aec5b19abb87357454ebefcf9e1130d999edc1c62da36461c8cdc91fb284

SHA512
3f0d2aaac5e4e2ab4a8cd10e4ff6bd3947aa0bd8a772fab33a596fb299e77e9d9f75a44ebe2d1eedca3605aba4ace7ea22bccd63f2cf9c40194c4b7b0de30a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
64178f5b79e7b41d3e0cbbf590c8e823

SHA1
c4b95b4a67488c0923c268b8cbe8061b9edd00ad

SHA256
6b9ae0f0b6939ba40256cdbc1467aaaa3f9eba0dc6265515f5388658bbfab139

SHA512
d584a9e6e574ad2ebe7851cab1eb53ff7147fc294fc367947e0f5f963eca54358cb8cb1f8c2ac3e535359f1ec8ba2761da15f8b3afa41b711783a28c82ca4028

Download Submit