3424a03b4e227fff2c7f0dcb503e3b1ae2d1f7356d38ed678baf295ac9121c14

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9e2b0bef15edcb9894bc2148714c399_JaffaCakes118.html
Size

121KB
MD5

a9e2b0bef15edcb9894bc2148714c399
SHA1

3f42b9af287bb8ad2dc643f3aa186ac63fef15ed
SHA256

3424a03b4e227fff2c7f0dcb503e3b1ae2d1f7356d38ed678baf295ac9121c14
SHA512

466f152dadbeaa52e6feecd32cd6d7942cef71599cf10c78aef66785fcb7b2cf37d3003b4d78f3b42d8261e3f6743b2efae19d2fcd31639adcbd94a6e6355185
SSDEEP

1536:9ExK1Zzeg63bYY01Xh+F7ZvHgfy5gpjEJE/8Vtb:uAZagGRT4gsYEUVtb

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
1900	msedge.exe
1900	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 4112	1900	msedge.exe	84
PID 1900 wrote to memory of 4112	1900	msedge.exe	84
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 1428	1900	msedge.exe	85
PID 1900 wrote to memory of 2948	1900	msedge.exe	86
PID 1900 wrote to memory of 2948	1900	msedge.exe	86
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87
PID 1900 wrote to memory of 2020	1900	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a9e2b0bef15edcb9894bc2148714c399_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72da46f8,0x7ffe72da4708,0x7ffe72da4718
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9956737384986241083,13211562741100390418,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9956737384986241083,13211562741100390418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9956737384986241083,13211562741100390418,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9956737384986241083,13211562741100390418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9956737384986241083,13211562741100390418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9956737384986241083,13211562741100390418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9956737384986241083,13211562741100390418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9956737384986241083,13211562741100390418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9956737384986241083,13211562741100390418,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1acbb5149608cff0e81508a1eff128b5

SHA1
f23faa8520f27f5e1c0098c8cd8eaa9c05094570

SHA256
917dae32853804618c62093daf857df6d5c12c053f9bdbcb8402cbb6c2ffa34c

SHA512
42d5d3e45b01391e9d0d03f330c0997b5e6d307bcce09a935c1522398a451453a52fbfde654f575480c4a45cef7916beee7afb233ad029fde1729661f1dca551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1d4e194573d10b080a5c09c9484421a

SHA1
215a3aefc63ca2322b7a2354273576f23988eb6e

SHA256
20ee697162b45b2968e5276070602e3a28b0e629b03fa895180013d3cd82060d

SHA512
796716034efd5f5abfe4abd2897e1a9c4d6345ef81dbaf4a4f3b95c30906c9e6c691bfd513e78105a983babe9a9a52e8c6f6b2a3f8a788f464f61a9c43be40af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e0ab769525fff9838568536afbf5bda

SHA1
d9a3429e2fdab7dc2c17db3dd755ce26a90775e5

SHA256
1538dab2e456f2d3e4005f7f61499973bd824c88332cb091c8f7940588dc098a

SHA512
74fa1a5d948aa8ab6763bbc07a68c8dcc7416900645d6d3bc761b6d087691704eb35cf4830decf50608ff253fe4f09d0c1517061d719195b6dc91855c96442b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aff93b7dd12e7b69ed54087144f7c3e1

SHA1
e343c05ffa344eed82a81b02330dcc2d4bef70a2

SHA256
d0b6869ddd25c78337f6f2e46d6719d819f872caddfd2f668668ccdd2c36419d

SHA512
b36f47de559f44bf298ca78a3a24d7a8989213f8831665dcc962701a2c31c3e7ee27524ecf557eebacfcfe22d00784e5036bbf7b631d9f1bb8930ba0d18b74eb

Download Submit