8ef10b4e7d64cf7552231978cb1d90fe6dfc539adfb15eda04b112b07c7490b6

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c8807881aeb36a7020e304c73f319c_JaffaCakes118.html
Size

21KB
MD5

81c8807881aeb36a7020e304c73f319c
SHA1

31d0be24b90ae667cc87d120b8b699e936bb9e6f
SHA256

8ef10b4e7d64cf7552231978cb1d90fe6dfc539adfb15eda04b112b07c7490b6
SHA512

c88de80b468a889c7051a7688ddf1f5a631846475e821d2280ec6180248df143be48a31de1121ad1bac0f06a7c0a06a5a13b7a2e66d1aa60dab8c7cf54dd943b
SSDEEP

384:banM891hsLimyVUqiSiDfQ3akZT1YuCxOuPwIZwMvwtyV6yV6yVQAhyV9skkUg+k:banM891hsLimyVY7DfQFdSusXEyV6yVR

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
1268	msedge.exe
1268	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 2548	1268	msedge.exe	83
PID 1268 wrote to memory of 2548	1268	msedge.exe	83
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2480	1268	msedge.exe	84
PID 1268 wrote to memory of 2024	1268	msedge.exe	85
PID 1268 wrote to memory of 2024	1268	msedge.exe	85
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86
PID 1268 wrote to memory of 2020	1268	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81c8807881aeb36a7020e304c73f319c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3e1146f8,0x7ffb3e114708,0x7ffb3e114718
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11886083949396155091,18256688012490831762,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11886083949396155091,18256688012490831762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,11886083949396155091,18256688012490831762,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11886083949396155091,18256688012490831762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11886083949396155091,18256688012490831762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11886083949396155091,18256688012490831762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11886083949396155091,18256688012490831762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11886083949396155091,18256688012490831762,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
506e03d65052f54028056da258af8ae6

SHA1
c960e67d09834d528e12e062302a97c26e317d0e

SHA256
b26d2695dfe8aed4d0d67d11b46d4542c3c9c8964533404dfe32ce7a3e6cfb98

SHA512
15da55267433c41febebbe48983023293c6d436f89a56138cef1cea7deb5cdd7d4bcf58af12835e1152a8ec59e08cfc965e521eb54eed47fe44e1f4c2d1557a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a15dea0d79ea8ba114ad8141d7d10563

SHA1
9b730b2d809d4adef7e8b68660a05ac95b5b8478

SHA256
0c4dd77399040b8c38d41b77137861002ef209c79b486f7bbdb57b5834cd8dbf

SHA512
810fc1fb12bceae4ca3fad2a277682c2c56f0af91a329048adbeb433715b1f707927274e3e4a4479222f578e8218663533440c71b22c49735a290f907cc0af1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7163500ef07b89134ee61c181d7d6806

SHA1
70bc19bb71670e5d47b5e49cc71ddb3daff6fb0c

SHA256
036211b9beef22c61cfba06f353e014d3ad4a935016e3d3709fe763e71c95200

SHA512
dd2b629280c2d3187f91888891b60203d20199130b40c7b472bfd561e6fbb4a0e784eb8d00d7aeb715d530242a4e0893dbd967799e3ca76f5221dad948b46e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74c904111c211e16305ef25bd8ec46eb

SHA1
6f65c6f72de1d0c6dd7d95d344ea515979b2cf4c

SHA256
ce20b3563228d0640ae4f7595df826c36d57f897eed5b251de468220648bfd5e

SHA512
7a6ef703cf66b8eb8bdec9e1c30e27a07a55b4444bb8268da0f2c5655bc56904b8d65517c5378986ff4606128fe1b9c712f04916ae53bc760bc5e38070772da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4bcd4208e9484283f765cb2c236aa84

SHA1
7beca7981b106c111aeb19dda53000f0c3522d01

SHA256
e4e17a76a8333ab701b025b6238af3a8c22aac5f0cbce53fa693f3979668db30

SHA512
18f57c73432f8521029837857d0e51417b98099b5f69ffb0a5c7ffacc0197a7d410ab13096565bbdc649b8587fdf5c2a8f430d26f839b56feeac7051d5b27594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4b26d7090811ddeb709102e3f7efd09c

SHA1
dd6c929f481d39f22676d904eb9846e8b0fc7017

SHA256
2bba7e95c77b321564c877eaeba0449e0a16b01414616c03c1769fd7318e197a

SHA512
18d8a45a7d8467ab9c2dfb389e84b6854f1dc6cbb4325c6320ec96dbdb917699446d1c23bdd85543b0414d3af9128336f6b42550cd9f70e06319019a1e00e5b2

Download Submit