44bfe95276a62d5e7d814de2e4b1b62d022ead683eb1afd4c84d00b323a7d922

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

950e0df842040efc99069dba26bd3f28_JaffaCakes118.html
Size

117KB
MD5

950e0df842040efc99069dba26bd3f28
SHA1

424daa6b72401faf26584591ad04aa31277752ba
SHA256

44bfe95276a62d5e7d814de2e4b1b62d022ead683eb1afd4c84d00b323a7d922
SHA512

3f8f795044aa10041d1b79d621d79a2d1f031cb7f50f97458347aa9561e2bb56be7e71e57b5cbeddab055ed3e36ebd5a4c31929e8129f6debbf3066787bae6c0
SSDEEP

1536:zYXY2kFgWWLoi0T1FWs94kX4kv27ZTyW6TkTqfAWy:vb9WLo5ooYZ4kIy

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4640	msedge.exe
4640	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 4752	4640	msedge.exe	84
PID 4640 wrote to memory of 4752	4640	msedge.exe	84
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 3844	4640	msedge.exe	85
PID 4640 wrote to memory of 4868	4640	msedge.exe	86
PID 4640 wrote to memory of 4868	4640	msedge.exe	86
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87
PID 4640 wrote to memory of 4176	4640	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\950e0df842040efc99069dba26bd3f28_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb538f46f8,0x7ffb538f4708,0x7ffb538f4718
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1063185821812415019,2985734035987661488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1063185821812415019,2985734035987661488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1063185821812415019,2985734035987661488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1063185821812415019,2985734035987661488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1063185821812415019,2985734035987661488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1063185821812415019,2985734035987661488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1063185821812415019,2985734035987661488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1063185821812415019,2985734035987661488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1063185821812415019,2985734035987661488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b263a6e2d867691a4b83a0cfb77d4a40

SHA1
3b961703075083513b39e700df1d4bc7c7ee2ada

SHA256
802cc76a57b84313c3cdb5f70de5ccef3d645435e995039a8430dc1de6b2b93a

SHA512
0323b6117ff83083bdd0c9ea09a965cf92b1c07ef2d90790df2801ca21baa1b34fa0bf636f02635bcab80ff07cad79eb0381230e0b3a96539d7b49fcca06d39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ce0f2e1b69631d84153a6beb8fdee75

SHA1
49f98a955eb7b094ef33f9b145156acb4b9d36c5

SHA256
2b2b01ba1d5e4635f771bae9d90c8d69c99dcc1b3a6745d90638aad61090f30a

SHA512
9b61fc14d449172f85bfebefcff2f00d2abae2ae09a79d0641634ff0d04fb89ddef2bf3b6775293b26f67f2e5b1c4abb6e5fc97fdb6ad60f4d0604b94d0c5d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3bbf7222b36cb81f7a13844b2a56e71

SHA1
0c353dbcaebec07039b21cc6389205ea87693be9

SHA256
45cfcb95cca68650e93b1ba070f7b9f47242a12e8699f3b56ee8b9bc5b4b2818

SHA512
faaca721dfad807954a859618f7f053553422fb73c86b059c910e8edfc92d3f1bae3e2d3d82fdbee2ba4a7b2992cdc855eab0369150cf6746f9cd7a4f90de606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ff6f24ce310e0f8aff92ce1a7ffd1751

SHA1
ac95850860844ad691f9508cbbb49be4499eb300

SHA256
4c684369e6294252984905ab69fe7b8cc64b8dd807a8f648eec38b63a4b1de2d

SHA512
206b9c5b3471eb482e4a544ef8b79d68cce360bdc5b3caf2eff3b2a82d41353cb5475428ea053ff66830bc2877a9c6d2ec16d27f0bc31e3d7160a7810125555b

Download Submit