047478ad63d10b90ba6b99748897c9d848925bba7000685ba167a562d4b35fe0

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f9d59a1132068cd2b6d7e149743521f_JaffaCakes118.html
Size

115KB
MD5

6f9d59a1132068cd2b6d7e149743521f
SHA1

f92e2a36f1ffb5c6ff266d252c608dee538dcdf9
SHA256

047478ad63d10b90ba6b99748897c9d848925bba7000685ba167a562d4b35fe0
SHA512

6469608b599fd0d4490ee90c100227e474dc25a173286354f0fdd9c8f1af438b55f48ee69c3ef9437e29bc30ddbb3dd623ee9a8350a961a569f2fee0d6a5f8cc
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcUAoHAB4ALQw+BcZza24mp:sbYtLiy

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4908	msedge.exe
4908	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 1736	4908	msedge.exe	84
PID 4908 wrote to memory of 1736	4908	msedge.exe	84
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 2784	4908	msedge.exe	85
PID 4908 wrote to memory of 4048	4908	msedge.exe	86
PID 4908 wrote to memory of 4048	4908	msedge.exe	86
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87
PID 4908 wrote to memory of 1104	4908	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6f9d59a1132068cd2b6d7e149743521f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1d1946f8,0x7ffa1d194708,0x7ffa1d194718
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15670346303653585452,13302204428981367280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,15670346303653585452,13302204428981367280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,15670346303653585452,13302204428981367280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15670346303653585452,13302204428981367280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15670346303653585452,13302204428981367280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15670346303653585452,13302204428981367280,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9430035b4b5f429e74d732b67302d70

SHA1
d94e7bb650b7c018c4784631f8ecf47a0da676b3

SHA256
3cff7f82e5911ccbc076c7f32b51a127c3ad874f2c6f740312af06ec49f8547b

SHA512
aded298f0eb89111ff4b30ffcc8f1cab1f8c08fd7886a98eab27dc17c048f437b11efab8ce466c63e9905574b227edbccff63c532b8753be344d3a3331a9d478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc1e4942850f3dbc0038e18892abc5d5

SHA1
8a40bcc241dc06a5fdba570f7d24b45da9e3a75c

SHA256
f34a9c3904778e57a9a8039a05281431952d11735a9d562246304905b434a441

SHA512
804275aa77f56b885c291dad9ab147d33ac06b890060bebef47ead358c2f4a2d842258977b7d57aedc78aa9412bcf74e83611af838cdb5fde5da8188ddfebcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
71085ce7e3539a685b5edaa765e5fce2

SHA1
e4c6e856b09259c92c8ea3b9c9e95f3909ed78c4

SHA256
e0b12e3fb93a67372c3315ff74f522fe84fdcae331acb2575ac4e4d29fc44a4b

SHA512
f1697ff521c50ed46bd90aaa213c86cc0de7471e494b4fbfd081a5790c5903b32c629cc1446a69d750190a9b661b37054e681c90502d690f1eedc6bfbd296205

Download Submit