e2aa3950fa91f2e19eefaa121e47da617f4a68d9ed9a2d7f31754d63198522fa

Analysis

max time kernel
145s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75aa8f7e0c8349baec506286639484a9_JaffaCakes118.html
Size

483KB
MD5

75aa8f7e0c8349baec506286639484a9
SHA1

fe547f198cc92371b302d45cadb4ac02cc8b6e9e
SHA256

e2aa3950fa91f2e19eefaa121e47da617f4a68d9ed9a2d7f31754d63198522fa
SHA512

2c76c318365a575bb5e0a8bda1790d91f44e795afa16a9a9f437db65ebffa86c1e3ca7d5b2f68bd2bf3944a5381fee43db1aeb9486c4a418d41a842adb9eed82
SSDEEP

3072:HZh6kSts/QjDpJ2L95rk2JnKjkPHntii3blkCEK3LimBKmP+pGQzDCr0qb0xCB1k:Z3TUM3V8JjoZVHBv9Of

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4836	msedge.exe
4836	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 2764	4836	msedge.exe	84
PID 4836 wrote to memory of 2764	4836	msedge.exe	84
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 564	4836	msedge.exe	85
PID 4836 wrote to memory of 4704	4836	msedge.exe	86
PID 4836 wrote to memory of 4704	4836	msedge.exe	86
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87
PID 4836 wrote to memory of 1724	4836	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\75aa8f7e0c8349baec506286639484a9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb9df46f8,0x7fffb9df4708,0x7fffb9df4718
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2299488973210891315,13839434595832695310,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2299488973210891315,13839434595832695310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2299488973210891315,13839434595832695310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2299488973210891315,13839434595832695310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2299488973210891315,13839434595832695310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2299488973210891315,13839434595832695310,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8b2e77c6-73c9-4bae-8631-88bb67a6ff2b.tmp

Filesize
10KB

MD5
8c9601b57044399f655e8cecbbfd03b7

SHA1
c1b5e1a44c012d003b00fb0bd6f78d0edb639376

SHA256
de69cc9f9df7827d17f0fd5cf02aec5e86398b5f3a14c1df73115c4b0eba04f0

SHA512
721f9126623e183b6dd1b66203717e5405c2fe1cfc92204cbf15413f7b57bdc10652c8fd7c55c95584399fbfbdfb19e1f1a56af05e6a49fb71b0c93931e2a331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e75e86d11d7dffd4ec7fe059539eb1b

SHA1
bd8c43572c1f6311cf99e2847336d95e00293e86

SHA256
851842745bf022d33e73c37bcdb641724a764065d378773376851df5ae55dbbb

SHA512
e83ef9bd550a865e89fb3697496ec807627bd39b78a789d92cdc17b2bf71c41903551adecb46a0d56812803e1bdfafe38b791aea27b68cf7ebf2c84473b3a26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b340561f-0ccc-4c95-98aa-e0205ebb057c.tmp

Filesize
5KB

MD5
389bf800d59cad22dd89be3fcd3ad1d2

SHA1
a65d5a9af31aa7bc2b80e7b02ee35e524fcb3586

SHA256
2e907878ecf1db293b3ea749dbaffe1c18ab0317404ea70518c3b1b7de1d0108

SHA512
d271ef2024caa6c33c3e0d5f843fc7793f79526478eae2f1b67d64692e1e86247e39c9f5327604e652da5ccefcdef2d366a573f4311da0d31133d49ea596ba75

Download Submit