1d5f70408ae89d212a925a4f1009b5901098f968b521f80822771f57821e8a6e

Analysis

max time kernel
120s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-08-2024 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9466d1ea95b61c4251c82e96bbfd3b8e_JaffaCakes118.html
Size

142KB
MD5

9466d1ea95b61c4251c82e96bbfd3b8e
SHA1

7fa14541b937986e1224d4392511990e619796b9
SHA256

1d5f70408ae89d212a925a4f1009b5901098f968b521f80822771f57821e8a6e
SHA512

3acf4d6acd13925e4deb892a5daf194914836e85f250b3f1cf440b8ef9dad5c11da5c41c6f042a4f9654ef8fdaed182993afce8192405b91988892fd5d89e564
SSDEEP

3072:1VGejtPUeUwIVGejtPUeUwMMKjxmjLZGDAMJJlzTPPA0ZLpfq8gMPhbi2zhkGd:1VGejtPUeUwIVGejtPUeUwM1iLZGDAMF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 4632	2448	msedge.exe	86
PID 2448 wrote to memory of 4632	2448	msedge.exe	86
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 232	2448	msedge.exe	87
PID 2448 wrote to memory of 3676	2448	msedge.exe	88
PID 2448 wrote to memory of 3676	2448	msedge.exe	88
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89
PID 2448 wrote to memory of 448	2448	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9466d1ea95b61c4251c82e96bbfd3b8e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd42d46f8,0x7ffbd42d4708,0x7ffbd42d4718
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14027244127168745949,10966059350888496710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14027244127168745949,10966059350888496710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14027244127168745949,10966059350888496710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14027244127168745949,10966059350888496710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14027244127168745949,10966059350888496710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14027244127168745949,10966059350888496710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14027244127168745949,10966059350888496710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14027244127168745949,10966059350888496710,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37ae13f4b96f3046d65488b8a4119b9f

SHA1
29ca689d76523009ed3725fcbf984655595589c9

SHA256
231ddf5fd5a8809cf42105c259d52bfaf0a84c9d2f38e9bd35bb92be8379883b

SHA512
ebe69a98a46f51c4a0e32239da6852d2a68faa281c95e9aa42b31d24fa488405e92a43429834e2e30461edece3bb52c75922c7509dbb4d841e2e140436619810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8537a635e559a9ed01adee65883269f3

SHA1
81798c947d9ac0cb77f3ec0e69a79497036a334e

SHA256
3be7eab427daaea075704267fc849f9265b6b80e9f26df17be59e3f04119a565

SHA512
9a526e565c783268730935ca96a7258cf6b4fa2c4aff2b8e00fcd40425256aaaddb7d470192cbd007a8a5e981b1aa0a6ae87390f382503b63cd37b9d74a5ea79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28eb3bb864d54657ca9b81139aee728b

SHA1
466185992a339eb457e3689e93eb173d7afc8cf2

SHA256
21a2aceb0cf22afbb06d77b5908865a422d115f582b1c73aa9e461914aac5a5a

SHA512
99fb3d5149892eafad6fb20f559f2b2c53fa5cc1e16ecc2319fbee4289250ffac23dfbf6a31ba79e1531c694a0903da2657c94202a3a3994282f1e97c5509ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d7a8ea525914332207c6b177bb564419

SHA1
05aa026f9a4962eafb55065a671536503e127df9

SHA256
59b7b2ffdd24d4ad4e25239108b199a50968c1f23b7bae07a3d9275d4b97466b

SHA512
8e71a61a76b7b8da92fdd6cedfd8c98915cdbadb82de9bfa69f52d69f0461b14d7e5d2a7ebfaf25d4e759d80294a6db797427b33bfa685a07029d9f2924a5353

Download Submit