6230acb6612332fe105e89e398a843778106ad5afb5b4b0822d750308876ada8

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72545930b46df1b4711edcd1d79562e2_JaffaCakes118.html
Size

122KB
MD5

72545930b46df1b4711edcd1d79562e2
SHA1

6f6aea1b1f88233f30c0a300044b55d9dbe9e4d1
SHA256

6230acb6612332fe105e89e398a843778106ad5afb5b4b0822d750308876ada8
SHA512

69d10ceb6f98f144f233c7b3223bbc3c1a1eb835c8326d2b6b9c806622b2e1b021bfc318aeccc6d3cb11dcc25765d261ee03da3c9b48e7c0f784f4d550b5d2a2
SSDEEP

1536:U89Tu9pExeW1gAJLtLgQKyQdL1Ree3UZ7iLfi:Uau9mxeW1dX1cueW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
768	msedge.exe
768	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 3876	768	msedge.exe	84
PID 768 wrote to memory of 3876	768	msedge.exe	84
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 2940	768	msedge.exe	85
PID 768 wrote to memory of 4568	768	msedge.exe	86
PID 768 wrote to memory of 4568	768	msedge.exe	86
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87
PID 768 wrote to memory of 3244	768	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\72545930b46df1b4711edcd1d79562e2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff855aa46f8,0x7ff855aa4708,0x7ff855aa4718
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8319972800500015963,903248821815830895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8319972800500015963,903248821815830895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8319972800500015963,903248821815830895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8319972800500015963,903248821815830895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8319972800500015963,903248821815830895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8319972800500015963,903248821815830895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8319972800500015963,903248821815830895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8319972800500015963,903248821815830895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8319972800500015963,903248821815830895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56b353b783dc0d8238d3b2b3e16f6df0

SHA1
1b69b312e4e4c2148698b36eca4cfeb3a2bf759f

SHA256
af63bf7f3b1d8bad0d7756e49b9be5a96b84dd97d0c3e57305f63ca678a05fda

SHA512
5772402bb9c2fdfafb8582da2c932648db8b4f5c59fce0fb731b966166213670304544aea5dab1d6a48e9236d0e6dcbe6d6e92efc4732babc71b5666f0fb7d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb2ecb428d0565434110df7122258fb0

SHA1
f5adeb725dbf5c632e8ca091f5da337f41b8b106

SHA256
1ce9eef138362f179b15798ab242c001b77998727ca9515962676866fe481736

SHA512
6593b41e7d7d451060874f33c155b9ff855fc7a888405cb06bf87f235a5e4ee253da8a639b47ef223dd588c08265cde11713f6b3a332d58105c6b04aa77f88b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
865c87119a912cbe39923c283842f80f

SHA1
c719248771bb94f77e8cfdcdf9919509af9d88ba

SHA256
aa56112e53609b13b2802c7b724953dec4df684300365885dcc92ad7ba43f299

SHA512
8d7b24ba2cb1084977f5a7878a3d4e2fd5758d117b6d1b572ed639d47d361debd5e653a4ece7b505262c3b48e296f3c7c4b2a3ec1d41b97a64fd05e8c0c6ca82

Download Submit