4e42cdb85188146489741275b9503dd1a24f6044946261cdb417ff8e602772b4

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96db64f6756282b16d9506fb8327b3a3_JaffaCakes118.html
Size

120KB
MD5

96db64f6756282b16d9506fb8327b3a3
SHA1

97faa5e811744d9cd993fea22d132077f5ed357b
SHA256

4e42cdb85188146489741275b9503dd1a24f6044946261cdb417ff8e602772b4
SHA512

45c9ad81ae668499cdd3f8747456248afa93e2f381d85c3ec710323a9ec3edc01753ef4ba1cedb702821dfaa584d4a1b06cf6493db684897afd7487da6425d00
SSDEEP

1536:ml1aYyoln79WjlPaZmiGEBIRAFuBGyuEA:MaYyolpelSUkIqFuBaEA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
4652	msedge.exe
4652	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 1020	4652	msedge.exe	84
PID 4652 wrote to memory of 1020	4652	msedge.exe	84
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3528	4652	msedge.exe	85
PID 4652 wrote to memory of 3696	4652	msedge.exe	86
PID 4652 wrote to memory of 3696	4652	msedge.exe	86
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87
PID 4652 wrote to memory of 4900	4652	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\96db64f6756282b16d9506fb8327b3a3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffc457746f8,0x7ffc45774708,0x7ffc45774718
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17237908656423841432,15078977408002934569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17237908656423841432,15078977408002934569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17237908656423841432,15078977408002934569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17237908656423841432,15078977408002934569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17237908656423841432,15078977408002934569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17237908656423841432,15078977408002934569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17237908656423841432,15078977408002934569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17237908656423841432,15078977408002934569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17237908656423841432,15078977408002934569,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6626074bed7183f588cda7492347fd02

SHA1
0a917a6a6fdcce7c68c3cdbfbb3540ff15e4a936

SHA256
c6234ae73d66e747457504defd36330f8a4404905acccd1ae57586614ebf81b4

SHA512
4bb29abe25e6afcf8dbaa39c8c1a4a257012ebd4963b6d348717a4c216319669b203084e6e71e1759ac526cb24b41fb4fc35cb8ccdd379554bc777aac24b6d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f76cf4d4d3ea690caf444f9cc8c61d5b

SHA1
4d69c6f69e9eca43b49699692137ffcd17cbe083

SHA256
7ea357ba1ba29bf46622c5a48dea43041f57ec6ae62094e95b3d6558ac7c0fa0

SHA512
44caf37da478a61ebff64797969b252cf44eecd1db58507d199b7969d86dfb5ecce0224c914d7045003e773d901298a387a8e8077b52194fcba68c73a8390d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb08ccff09c62238d5124aae0ee0ee39

SHA1
2674bbe6f5bdc470f8fd8b9c1863a202461bfdea

SHA256
51b0218d602c86b6be5b1c4b855005804b125205e43c8e693bc49a85e6fbd59c

SHA512
713e347928a055b3bcf2a87d08549a37f05979a0d57fb7b07b7ee249353e9e246060743e624a959f52f4acfa763dfd83c7a92cd9d9913ba2aa456bec71d0251f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
45d0e32bb5a50027c7d438dc70ae9665

SHA1
e377780c3658780f921429708c4dd826cc59b4d2

SHA256
9cf5a6cb2b18ae55bd70780959b2bd1e9af3c0a137b4792cb04fea9c7b56134b

SHA512
dcc665a1e7902f6c850dcf351654c507ba8d43747cbb987157cd7d08385476a5084af20272e7a46b0711b9eb917a2d326656f49f4921797f6f0627067622bdbe

Download Submit