322caf572ecb3a2149a55405b1d9b7ae48cf21008734d43ff58104e98aa38b5f

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8297fee06bae5b900390d2c17a9d9a58_JaffaCakes118.html
Size

120KB
MD5

8297fee06bae5b900390d2c17a9d9a58
SHA1

5b017195d26215d07ba9cb9e778a570d047b7234
SHA256

322caf572ecb3a2149a55405b1d9b7ae48cf21008734d43ff58104e98aa38b5f
SHA512

33b4a2f51e238278dd9283ec070ca5e5d58511329400151dcc3683524ee7a1a352a0c7f56d4b1490c01bbde98c3a2e672f40a371a3aafbec683f52c21bc2883e
SSDEEP

1536:8msIhXh4E8umz0XrhYQZLe4s0rbsREiHYLqZ7:CIEE8umz0XrdZL7s0rInb7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
4608	msedge.exe
4608	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 4932	4608	msedge.exe	83
PID 4608 wrote to memory of 4932	4608	msedge.exe	83
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 1320	4608	msedge.exe	84
PID 4608 wrote to memory of 3492	4608	msedge.exe	85
PID 4608 wrote to memory of 3492	4608	msedge.exe	85
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86
PID 4608 wrote to memory of 1916	4608	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8297fee06bae5b900390d2c17a9d9a58_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb3dfe46f8,0x7ffb3dfe4708,0x7ffb3dfe4718
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,11725183761980724184,4366066382527803550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,11725183761980724184,4366066382527803550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,11725183761980724184,4366066382527803550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11725183761980724184,4366066382527803550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11725183761980724184,4366066382527803550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11725183761980724184,4366066382527803550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11725183761980724184,4366066382527803550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,11725183761980724184,4366066382527803550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,11725183761980724184,4366066382527803550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23b6e2531d39ba76e0604a4685249f2d

SHA1
5f396f68bd58b4141a3a0927d0a93d5ef2c8172f

SHA256
4a486d7be440ddf2909be2c2b41e55f0666b02670bbf077ac435e3cddc55a15e

SHA512
a1a7fef086526e65184f60b61d483848183ef7c98cf09f05ac9e5b11504696406120ab01da8ed7f35e3145aa5fc54307c9397770681e4d10feea64113e7a57cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6ffd468ded3255ce35ba13e5d87c985a

SHA1
09f11746553fd82f0a0ddef4994dc3605f39ccec

SHA256
33103b1e4da1933459575d2e0441b8693ba1ede4695a3d924e2d74e72becabd8

SHA512
5d5530c57faa4711f51e4baef0d1f556937a5db1e2a54ee376c3556c01db0ddf628856f346057d3849baa5db35603b96a0a9894f3c65a80c947085eb640348ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac0cc791b488f27f9ecafe37623615a8

SHA1
cd5bb0493ddd51d016efb82c3e9dac5b19d10c26

SHA256
84d47743bfa66285b232af88662d1892ff55c9f07d7ee41581891944cb61009e

SHA512
1b93fcbe85ff79fc0819c6088b0e237ae65957c0262eff4618789ddcb39a4a693f4dbebc69e83c4d84faa1c2e37779945a373ef38305cdbad09f43b09820cbb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f34637cfd9f61b1bafc1bfb0a5024646

SHA1
2572ca418ed46a6c6652b687e8182805ce4ef6a9

SHA256
51531f2c8d967a81d1efb5edb929f53d3cc3521331107c6f0192cae6f3800cf9

SHA512
7ec2ecdc870af88f5c4fb42ead5aadda59edf6017e297da9a6de5e989ba8b4c7387d445d63d69d771b729b6bc2e22678b7dfa09226be2c8d7e45eda32f7c211f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6d713a83ef9e0c7df132413c05d0d279

SHA1
5d86cbba5a0e909a642db09e564fc664968cc3af

SHA256
ff2eb4d5a261699b226416668149c9e2c79376a24b4da90b6a9e93b54413a1fa

SHA512
d53377733304724f2957c57bc3912644fb56656adea44c0acb289842aaa83449051f09c2557b5d443ec31a4c0336cc529cb876fe32ecb5e6bd040edf1d7a5045

Download Submit