ed71c24598b5327b85c177420baf676b4deb5e05cc1bc119b403d156ac4dae98

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c0ed6dfc6a21a39f82f5c935c7e7aa_JaffaCakes118.html
Size

226KB
MD5

81c0ed6dfc6a21a39f82f5c935c7e7aa
SHA1

6662d724412f74070f9cc356da32a5c7191c7d62
SHA256

ed71c24598b5327b85c177420baf676b4deb5e05cc1bc119b403d156ac4dae98
SHA512

37c1d5c3d4d24a2f626a35386436b015527ff2a281971be16ed32a885d0e1fc1db41a4254cbfed9555e54b096034348cca757c136c2bcdee91273557869fc8ad
SSDEEP

6144:2PFp+AwlxI+vg7L/BFnQ3FnkzUFzQ/Fdxa:sFp+AwlxI+vg7LpFSF/FGFdxa

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
3956	msedge.exe
3956	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 4028	3956	msedge.exe	84
PID 3956 wrote to memory of 4028	3956	msedge.exe	84
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2348	3956	msedge.exe	85
PID 3956 wrote to memory of 2172	3956	msedge.exe	86
PID 3956 wrote to memory of 2172	3956	msedge.exe	86
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87
PID 3956 wrote to memory of 2016	3956	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81c0ed6dfc6a21a39f82f5c935c7e7aa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8450246f8,0x7ff845024708,0x7ff845024718
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1576142953408321279,4880545048844358969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1576142953408321279,4880545048844358969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1576142953408321279,4880545048844358969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1576142953408321279,4880545048844358969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1576142953408321279,4880545048844358969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1576142953408321279,4880545048844358969,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1576142953408321279,4880545048844358969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
  2⤵
  PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54a5c07b53c4009779045b54c5fa2f4c

SHA1
efa045dbe55278511fcf72160b6dc1ff61ac85a0

SHA256
ff9aa521bb8c638f0703a5405919a7c195d42998bedc8e2000e67c97c9dbc39f

SHA512
0276c6f10bb7f7c3da16d7226b4c7a2ab96744f106d3fea448faf6b52c05880fe65780683df75cca621e3b6fff0bd04defb395035a6c4024bb359c17e32be493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d3901cd618f65d66fb0643258e3ef906

SHA1
c9b42868c9119173ff2b1f871eeef5fa487c04f6

SHA256
1f74c3d5f4d41c4d5358e63ad09f8cede236eb66957f9888f42abf98b238c086

SHA512
89c122ea72ae3f26c94e34040e0f0a856506c8490ba36fce371a731b3f0588407c6356cca2ebea37ac829a67c2b398e298a64d5a72712172f69071264ca58e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
882B

MD5
545076dfced5e979507f92a6d61ab57d

SHA1
0ee0a91dc37ad14d43c099bf41d275497a6740a9

SHA256
bad97c32c4e4e75b270ba2faca310f672384ee2d171000633ca480b93d6c5db7

SHA512
ca6e7d916ebdf00f57813db16037f5ac46e5370d52a41b599f02040ab2effb016f4aad903d68dfafb1df23537b5cf81a1822ab19ff1550dbc17ca66be6e7e34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55151e8c3027d2b8afd3c3637d548099

SHA1
85bd22b46c7c39772001ee3d325abf402d7cca78

SHA256
0a0948d23b77c3e334fc7a2185959dc469594982bd23153ae742f6bc68becc15

SHA512
307c87000c78bb55d10d9afced224114707f1218d3faf5644acea98deccf66b89911cea94f221a8995287bb4d153c974d23bcf16f2ddfe8a462cd684a101373a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f15374aa9c4b1c9524285c11f9c4005d

SHA1
6a1f4073f2e92c7995d54fba3bdf00b15d49368a

SHA256
3851a5361d2c57e1a9e3d3af315b793e7b4a4542fd7c1021965ad89d807ffb04

SHA512
2730c66233374cc0fdf9442f798f36d49c4fd7887547698548746f694aa8f68035585d7913a47c53034e639c514e0f8b7191ed6b699b98bb4bd7f68050d2bc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
386c8e290667d1ab91cbcc376a874119

SHA1
e52dad1bb5079d4585ec49f2642c018d97aadd45

SHA256
7424554a61667c39f87695dcdc20c4a36ee7fa707104228e74e7eea2a413d9c7

SHA512
96d8cdbfc3b15ef2f1817223db44155e8c31723f9829799c6317c59939b5be5c2a5b57da0b884a4edd0011a87ef6a5e485e50ed4fe2d3dd07e72f30b619279f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d6631b440dc76d31c4eed7209a5e891c

SHA1
9f9499950170203e5ad237e00fb872fa7d49bfae

SHA256
f124628895ce3719ab6c4d9297cbab374d5cfbf18b0fb616f6070656ffa4b765

SHA512
720128d148896154362863dc3216988c5e814889122698eb27724e79ba086beaea8d4fe0dc6f4e612e37c49b1206453b2f8df5922c365fba0f44bc335518e21d

Download Submit