60dfd1fc12e86e3e17230f8766fd4f515ad905f55d9109a3986d3f0e4d45c45a

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2024, 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81ce331ab14c014795b3105a10d412c8_JaffaCakes118.html
Size

120KB
MD5

81ce331ab14c014795b3105a10d412c8
SHA1

a96e68fbbf95277e8a410dd0c10bab9a8650f143
SHA256

60dfd1fc12e86e3e17230f8766fd4f515ad905f55d9109a3986d3f0e4d45c45a
SHA512

2ef62dd1d551fb47f2a562e27c57ebc44aab02ecb72d476b3fb421fc6c2b3143a07d3d6a2d7752fce1edd04a07ca715229aaa0f51a641fd07600aff13bcb97b8
SSDEEP

1536:0H6+kOYC0pBatFp/cJ2tFzZUFvoXQFkC52p:9+kOlQ0tve2t/Qqp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4196	msedge.exe
4196	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 396	4196	msedge.exe	83
PID 4196 wrote to memory of 396	4196	msedge.exe	83
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4860	4196	msedge.exe	85
PID 4196 wrote to memory of 4564	4196	msedge.exe	86
PID 4196 wrote to memory of 4564	4196	msedge.exe	86
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87
PID 4196 wrote to memory of 3892	4196	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81ce331ab14c014795b3105a10d412c8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9713746f8,0x7ff971374708,0x7ff971374718
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13723242990076401480,5734516158540808378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,13723242990076401480,5734516158540808378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,13723242990076401480,5734516158540808378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13723242990076401480,5734516158540808378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13723242990076401480,5734516158540808378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13723242990076401480,5734516158540808378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13723242990076401480,5734516158540808378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13723242990076401480,5734516158540808378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13723242990076401480,5734516158540808378,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8d8ccfa6a8b1b15db876b848b8fdc102

SHA1
dc7d92c35e9c84d8d78ac0aedc926214cee68135

SHA256
b48f98046030e23b843422251481c3f19cfa0cf71fb36a8ff89dfcb152761f86

SHA512
6ae61b6cf236082b9930686ad2650c3ce3fa337550363e0858062dbb399093b0ac6bbca3d4c40101e222ce764fa4fb704bfc591e6d5b0a6c165f170cd6c9d5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e22c2898ac78c14a840076a8446b9d

SHA1
ff5b7cca3ff2c4e77e6330e2c5e2b62bb56e9fe6

SHA256
a5e570fc8d3a52027db48adf1301fe8dffc500a4bef04d0d6bff15fff78ade8d

SHA512
19381615be8f53ccae56a21c29c314c3247ac78fd3cf838f52ca98757b54f945f0d178cfb44ea5ad42fc68b3d3e6e7ce4e4f40eb69f791fa5132f591c62388e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a042c7b6d433c28b371dde63d294a73

SHA1
51e5fde00f79f82da2cb4625a8891daa198cbb64

SHA256
ee48924e62dceb9ae0755339156af28bf12acecf935c3b80e6823fa5d3b06343

SHA512
54a6a2dd35cd9ef74cafbba8809cb5d7e59eec97745a3bcd609a083e3844c445a57c51bfa56354608307cdfc1ee82f56483235dc9cbbad99af9f56ee01a76de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5afaad59ace2766d5a69e6fc06dfc90

SHA1
13359e3178091e9f98d2a133705dedf05ae6a7b6

SHA256
95da32e7ae42965669412823f97b68da164c0d9902e8618810f4785e46b0f900

SHA512
56d69ed4b0994bde1517ca54e27209914af798f57a7840ab50d49c86a0ffc8ef388e3c31488fe67a3a8138059c13d0e9ab3ba63174bfed6e6acd1f6c4592e296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0b704b3b789fd9255862174d29361f68

SHA1
05bd24713b01601cac9ac1809aa727d2ce4f4408

SHA256
8e1d840a781f1f6a7239e0a18cfb5a8fb3ccee670f21bc09af06fff08e1960c9

SHA512
25141b9e9469f2f160e6a4185b14215cd7bae740c6d134970e830658b3d4f1a8c758cac9cc41ba4f630239901dd1e3411ed51286754e167b45211b9aea7be50d

Download Submit