9e61a9e33a307c2b2da33dc3364a9c0aa005e8b1386782bcef7986f336aa9e33

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

751c1b09030f3b89599b7246f9ce64eb_JaffaCakes118.html
Size

167KB
MD5

751c1b09030f3b89599b7246f9ce64eb
SHA1

7124bbc8609a9e88c6fa074fd23bfbe0fc58debc
SHA256

9e61a9e33a307c2b2da33dc3364a9c0aa005e8b1386782bcef7986f336aa9e33
SHA512

2b30c201ac3aac69c04e31afd896c8b0c6a50e62c1db183a9370350074675d426b259444445a661af82b5bc093e7b90a733c5219681728495b0423c71a9a93d3
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcBBGHA6SwL3x555cZgjHDtp:stjvL3B

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
560	msedge.exe
560	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
560	msedge.exe
560	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe
560	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 2268	560	msedge.exe	84
PID 560 wrote to memory of 2268	560	msedge.exe	84
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 3088	560	msedge.exe	85
PID 560 wrote to memory of 2384	560	msedge.exe	86
PID 560 wrote to memory of 2384	560	msedge.exe	86
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87
PID 560 wrote to memory of 1540	560	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\751c1b09030f3b89599b7246f9ce64eb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf0d146f8,0x7ffdf0d14708,0x7ffdf0d14718
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2512578866099421229,6573170809972955914,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2512578866099421229,6573170809972955914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2512578866099421229,6573170809972955914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2512578866099421229,6573170809972955914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2512578866099421229,6573170809972955914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2512578866099421229,6573170809972955914,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5220bb42a26f85e52316af8c0348447

SHA1
0929416d625d07f4a13fee318e4201add452a2b4

SHA256
ccdf4d39b84b9964dbbd91a61082f9352bde30f83ff0451e55355df182949309

SHA512
6cf1c1c6bfbe54d7d3adda87f089e72abefdb7cf3eaed5977dc0bdc47f59e208093ea07bddf8ebc89ba51146249b4948e55e918b3e84f8d6a246cc50d7fa955a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
734908c6a0cc51cb805600af5bb1be0e

SHA1
478a638bd1b9effacf412660e6a7ed14c2a9d370

SHA256
5fcd1e5ee115f1627de9f960e8a373686e4d2144aac1a8c05aef5483175db366

SHA512
38ccbe3672d441836a4a1919270b1b5b0bf91f138d1930eeb0c7db6ef67f80a71c77fd8499d728ac7be01bbc390031ef2b3ebcdb4f5b86c547eb890707943659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
171c4e21d828cf6c3814b1171b6a4fb6

SHA1
165e5d7d9d11c74a8a54b8e089b6e8d7f96416a9

SHA256
dd25f98e29f23bb61e210757eb6ad1257503100f4f0af8b847ca321861e9e3b9

SHA512
2b924a923a2c1d717f268ea36adaad3ee229d59a52f63a9f3e41afa9d270c53d1e6e6b1f0ef3de19b110a16a72b7d58ef1d0bbadb90085bb13cf9b23c47ff7c6

Download Submit