353f7ff1c19beeba4074cf8e971fb79b12f070be3ab3279c9110ef25a8ae961e

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abc68766c3791645e338c8c1331afe57_JaffaCakes118.html
Size

278KB
MD5

abc68766c3791645e338c8c1331afe57
SHA1

12c1b84492cc613c9fa3a68ee71271bd23e1b562
SHA256

353f7ff1c19beeba4074cf8e971fb79b12f070be3ab3279c9110ef25a8ae961e
SHA512

32d0b69089777d657fb7d09cb7b5302a4b4dfd2ed029a489bb1b3d274e0f8233c870e5950f1263c03a4d55d5f0bfc86c77c4fda444c7a5764034d3bcda65e36e
SSDEEP

3072:3EnMYBmQrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:uMVIz9VxLY7iAVLTBQJl/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3844	msedge.exe
3844	msedge.exe
1468	msedge.exe
1468	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 4476	1468	msedge.exe	83
PID 1468 wrote to memory of 4476	1468	msedge.exe	83
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 1000	1468	msedge.exe	84
PID 1468 wrote to memory of 3844	1468	msedge.exe	85
PID 1468 wrote to memory of 3844	1468	msedge.exe	85
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86
PID 1468 wrote to memory of 3220	1468	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\abc68766c3791645e338c8c1331afe57_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83d7446f8,0x7ff83d744708,0x7ff83d744718
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4314884569822239257,1601400995583632968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4314884569822239257,1601400995583632968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4314884569822239257,1601400995583632968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4314884569822239257,1601400995583632968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4314884569822239257,1601400995583632968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4314884569822239257,1601400995583632968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4314884569822239257,1601400995583632968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
757B

MD5
1a400bd24480878188390d908092dbde

SHA1
5663a81679cff74c0be5047914cc5443906547ca

SHA256
e36320f916d195f0c8686790371d37026e7c501f910e148d58ec2dd0e3c15fb5

SHA512
bb2aa2187cb9eec4501052b0e8545cccaaea47e701790bc01d847c1f6c6abd2a91d536cb69d7a27e605ec80d2ff0a39e7d116d33270255a755d80ee6b714ad00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
267c243b6b28bee721e9cf1ee9a9eb58

SHA1
031868a5dd53627831f7726e748c211fe1457a52

SHA256
d434c343c1fd569b8db2ff94e53180e362381563cb343641feed6de921f19f71

SHA512
a685b78afa7649170439a8a7fa09346012d363c71d556d28dfbb1b547f93ec18651c3b51d3864cd9ddc95733ac575442f133446c63b0a5bf7f688614ae4114b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9994a60cbd5d07cd9d4a778189d6849

SHA1
5a0e4136d5b73eb4d209b55ea972d9e4cef27fe1

SHA256
4e18965f4bf458923d6887efe6e5068e3a58c21d504f58b50c5b4a86e9ebeb32

SHA512
d810925f98315e52679a6f7d86f64b641887ff662691351408e778c9b9b387e1b3930989bbb0568fc5d6e483c4b08d8ab3a179ae409b194d3b598094d8b8fd2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c30192ff352ad73caf5adbee49934ef7

SHA1
b98f2143f26e29a7a7c71ec84242fc2dc433eaa0

SHA256
7c167573f2d5899e3bf789f06bee58d45c6216e6d79e19d80fe3549ff1c0ed44

SHA512
100960f4e257f3ffaed0c0b4b7cfc5eda97cf3fdb18f8248725f85b4cc55715d46ce834823b52356de9e4dd409c7189ee5c90e725834fbc0f9e509e8976b6944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dd86c038e9ee66fd2577e63e1e2dcdff

SHA1
6f6b27ed1f4684609b1ddb3cb4e4928cf6de9574

SHA256
b8aacf5bf0d3983ac127d580c05a2d5ee9bd1b4f6a81773cc3df8c0e44a92994

SHA512
dc8d65c2b5900ff92fd5f0f72e0c3b085f3387605ec24d0cc9a3717b9906f20fcf6678c546d6220a302c18f5f2e04980357299a8549dc8d9ec84cb9d3212858a

Download Submit