770ab6da66996bf3fb45b111a5105e0edd870af41a0a5c5724dc701385b635aa

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3165476e6201fff4031f714e05855c7_JaffaCakes118.html
Size

227KB
MD5

a3165476e6201fff4031f714e05855c7
SHA1

9544bdfae08d55af4d65394f9d0b02c0283dba07
SHA256

770ab6da66996bf3fb45b111a5105e0edd870af41a0a5c5724dc701385b635aa
SHA512

f15aef286ee284f02a110aa4b8831f91ad678114332a5ef8ae6e817983e5b6d7727112381b25520751300ab292f3ea8adfb4cbf749c6a03851134d1f366076d5
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcR5yHAKslLqGQJ9Q+cZJQQuop:sXHYLi9f8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
568	msedge.exe
568	msedge.exe
4612	msedge.exe
4612	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 4768	4612	msedge.exe	83
PID 4612 wrote to memory of 4768	4612	msedge.exe	83
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 5112	4612	msedge.exe	84
PID 4612 wrote to memory of 568	4612	msedge.exe	85
PID 4612 wrote to memory of 568	4612	msedge.exe	85
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86
PID 4612 wrote to memory of 3944	4612	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3165476e6201fff4031f714e05855c7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2ffd46f8,0x7ffd2ffd4708,0x7ffd2ffd4718
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,11428229708988373375,18049023962326473820,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,11428229708988373375,18049023962326473820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,11428229708988373375,18049023962326473820,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,11428229708988373375,18049023962326473820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,11428229708988373375,18049023962326473820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,11428229708988373375,18049023962326473820,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af03898b0bd2d4099447fe60082db021

SHA1
6dbeb50436d2963052bb889ae555019525190a46

SHA256
3501ecaf5521fbd6b0c2f2bbad163531d05afd2c3674777def56ce8bbffaef03

SHA512
a682487888d40c102f86768374294273244bfa4114c9b9335aa1a33da55a9b2051cb6ce1f5b6a6d6ece1ba8d27d31b2d441b1722893f40a682a77974272b2b33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1082e51e6276b5cd25b1efa8b5cbf705

SHA1
2113bfb37ebe4456cfd684194b550794af325958

SHA256
5201c9b3c21000ac3e54bdd20a12ebdd24db464f81f3807560bf524fb0e438c5

SHA512
74521dbc8d5fccd46f5f575a15822ec96aee72a4187f7edcc0b55063f0f185c957a80946b41fdb29b5475f0031beee779c7ca0cb6ad4dd13a723a65be1a36eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
53aaea56136c64010abf694fb7e0a6ba

SHA1
0dbbe814137565df368eab1c4bd4e0d7994fc66c

SHA256
1570838af8eb30dbebd00b9693ad0958be3055b2c2b0c0cb3fc95d08a135efa2

SHA512
9a0cf9654241aebaeba48b05813fd096a30d3ebb750c404a281f13a571139ad70c0f5d2059b3d431d49ace21bdacaaee9c3f63a01cf82ff0670dd94bf1ab913f

Download Submit