7ff9ef9ba5ce55e1bc49266a8e5111546950b4a0d7753cd5f09ad52b5cba224a

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8296ba8508aa8905b76821ba0a00d1c1_JaffaCakes118.html
Size

260KB
MD5

8296ba8508aa8905b76821ba0a00d1c1
SHA1

bde6af74603c1c78551e3cbcda617e0f6dd17654
SHA256

7ff9ef9ba5ce55e1bc49266a8e5111546950b4a0d7753cd5f09ad52b5cba224a
SHA512

85e50402b643313d084566c578e3e52f6ce9614e228c0e502bb160c60e4383a35a9c5421aa24593fc44d52df3bc13173d83b3636701073f5ff34030279d5bcaf
SSDEEP

3072:6TszxfmS/AZkS9Ga/E2k9j/jagaz+50m9fbnpRWevrLB66giW73lNTym+ZdB+sPo:iszxfmXl9GvPaga65rtgpNTye

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
336	msedge.exe
336	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
336	msedge.exe
336	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 336 wrote to memory of 4540	336	msedge.exe	83
PID 336 wrote to memory of 4540	336	msedge.exe	83
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 2956	336	msedge.exe	84
PID 336 wrote to memory of 432	336	msedge.exe	85
PID 336 wrote to memory of 432	336	msedge.exe	85
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86
PID 336 wrote to memory of 4508	336	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8296ba8508aa8905b76821ba0a00d1c1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc37d46f8,0x7ffbc37d4708,0x7ffbc37d4718
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1216357752736967097,3890167724342881265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1216357752736967097,3890167724342881265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1216357752736967097,3890167724342881265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1216357752736967097,3890167724342881265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1216357752736967097,3890167724342881265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1216357752736967097,3890167724342881265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea9ef805116c4ab90b5800c7cd94ab71

SHA1
eb9c7b8922c8ef79eef1009ab7f530bb57fbbbea

SHA256
bff3e3629de76b8b8dd001c3d8fb986e841c392dfe1982081751b92f5bd567b0

SHA512
8c907d2616ce16cfe08ddeb632f93402e765c5d9430a46e90ab5ea32d4df0a854c6007b19f9b0168254ab7aadf720fed8c68d1a055704db09c1b36c201a9b3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
347755403306a2694773b0c232d3ab2c

SHA1
94d908aa90533fcaef3f1eb5aa93fee183d5f6ac

SHA256
d43f2dd4ac5b6ba779100eb8b84bc92fc8700bedcd339a801c5260b1bb3ce3bf

SHA512
98f1fb18bc34dfc224132dfa2a2e6a131b280b25fcb516fac3bb66da2a47c7a7061124881de6fa5f65602663dc0ea71357b171a3346bb1514176943438322253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
17059fac76ac1c893b8fe3f40fab5cc6

SHA1
1a0d1f9851d59dde1b37a16f6d8373c42269a1f3

SHA256
7128eacac028379b18d46a77d10b4c4be165115a91034b06d3e780e7b0183ef9

SHA512
752bb8b1bb91e6afa0c84c935431f80c58353ca0b2f378f88b1a28d769e11081e6f8e9c267bf4e8d4d6b5b04cbbb39a883527dbae958e563b8f467e65fe2a08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
994e7978d4aeb2a15d1a5f2a12c6d6e2

SHA1
aba83b1294cc06135fa62212b8f07d6be908efea

SHA256
1668fa0b8c9d1e9c028f96e99de7259b0cdc83be7391067835830acc39fec23a

SHA512
3078e776138f84951f230fdeb22d4be542fa5a457c062527f9c8f870769b46fb1133662a74bfa8a2fc182f4ca226fe0912a0ea721bfd00dd51d16e093c0f228a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bdc0dc3117d02c6c5efee1a92e2f721

SHA1
53749afbc577718a8ce595d748d003cdc1b79072

SHA256
3c567ff5574c4d439876f00ba82fe534a6bccf4dbe521d90ea6fdb1e6959618b

SHA512
744e03d5e72cf216fb1e9d39c6d52627cf8cbc4af799dd8a0406a32fd59711649555b3a4d5f461cc827b69ff8643fb744d0be292162c7360c1096ed142b822c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c83013c5012381728e80ad3d8c39aec8

SHA1
b5d5e35fa5e43bf3f215a65cd81de690e9dcc187

SHA256
f11b0cdc50d85336a05c08c7da5a395afe5c916f02d71315a86cab3ed563c867

SHA512
dad393dd9a8f04e24297a4e39f85d2bb520a780b3a928d73d93564c6f9b1fb1cfc60619cc386aea1eee8f505a0956f687728e2b4f1f818abc3a8dd27bb04f3ee

Download Submit