60d7f0e8cbc0d48742456714fc66f39863c3392890d09678ef5a236289fbcaba

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 22:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a478677800bf6f26075983270f7d4ebc_JaffaCakes118.html
Size

121KB
MD5

a478677800bf6f26075983270f7d4ebc
SHA1

9cb0b2bd83493c27bdec2bdf89965b3278de12c0
SHA256

60d7f0e8cbc0d48742456714fc66f39863c3392890d09678ef5a236289fbcaba
SHA512

8f7d249934901252730d6d2593d694bafc781c3428ce167554c2cae37cff79fee64681b854b1481c407dc10dec6e0c75d9d1359a1f381d72cd6a77d4ade45828
SSDEEP

768:10xo8zVfDO2uviLkzvA/tCod2dntgh8mSiBK02m5g/5m1slnRjZW:106CVMMkzkCo4dtKtSiBK02Mg/5mKxRc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
224	msedge.exe
224	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 1996	224	msedge.exe	84
PID 224 wrote to memory of 1996	224	msedge.exe	84
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 3516	224	msedge.exe	85
PID 224 wrote to memory of 768	224	msedge.exe	86
PID 224 wrote to memory of 768	224	msedge.exe	86
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87
PID 224 wrote to memory of 2860	224	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a478677800bf6f26075983270f7d4ebc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb538f46f8,0x7ffb538f4708,0x7ffb538f4718
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
32fa60974505891dfa2cfd7b4371ba03

SHA1
0444b84e518a47077b663f360f1bfe4981e44b0c

SHA256
1e17175d3a5c0a9b841bd8accfa92a441d454ef71d682d68360cb382a53e9acc

SHA512
fc2c1d8922ae265188cf53583049f694878586e03fc12d49dea98d3855eb566955c60c6c84fded17a5b5482dda97f0cf6825827516d0c1e49d302b594aa4203e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17dbe150ed5953ca348df44d691b54e8

SHA1
58ca55fec7950b42294c412c84b48566f0f68d05

SHA256
71946917823ca64da7510755802050c75ffeb3eb5c9dc2e6931d35969b5fe04c

SHA512
fe180e765b5a42478d94de27d3c5bf88a5e4b63ae6129c71b5149d9d5a608d6d82428ad5ae73cd391414b1b8b6079b94f535de74ba750e9f178e85168baa003d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8579ac916ebccce66ce19157b533eb2

SHA1
87f269622a60ed4e9598c6dfb59ceb4919e89e78

SHA256
815402141626b3090153c7e257474c36bfab8fe5e9c357966cbf403fa5448653

SHA512
ca37e2ace3e5cd1a5c7315f52f1d7170233b38d167c3553448e576ed8bb72208d49e6376f5783aeefa60f2b57d8c054cbffa8020ab5f7612a84f374358402fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9c8f9c2d6e653448df6a4a1241535f81

SHA1
96a8d5db74697d794f1f94432b6fee926c341fee

SHA256
ee19f8e2ea149e15dda108d1b3f340f46f8dcecb41c85397a51668ba374187d4

SHA512
9a099956668a6f77b8c8f2a247f07616323238eaa71c1ef66dd919c2ab44e28bda29c06701b078e8d94211aa3c1f56c7349a44cf06645f7f4649266dee84cd0c

Download Submit