9da4204eb72a65b80af857b45dc87cd75ea52ed144b5df91ab4ed6751bb94baf

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 22:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b12e14c4a384fb1e266d08d591d176a2_JaffaCakes118.html
Size

98KB
MD5

b12e14c4a384fb1e266d08d591d176a2
SHA1

6c2280dcfe64712bfdc9cf95739905df779955c3
SHA256

9da4204eb72a65b80af857b45dc87cd75ea52ed144b5df91ab4ed6751bb94baf
SHA512

3e126113571e324d848db0279e22697ace0e4d14dfa32d3e2162c64f477229635fde7bca01bbe2757f1bdce073c1bda9c9025cf471ffe621e891c4e943f09161
SSDEEP

1536:KWvLQZqovXD/XMGA8FeYk9xbckcnn8Cx3XzkQN2mXbuj/f6h5JisF:JovXD/XMGA8FeP5cz8CNzLrXdJvF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
2732	msedge.exe
2732	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 4744	2732	msedge.exe	83
PID 2732 wrote to memory of 4744	2732	msedge.exe	83
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 4420	2732	msedge.exe	84
PID 2732 wrote to memory of 3280	2732	msedge.exe	85
PID 2732 wrote to memory of 3280	2732	msedge.exe	85
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86
PID 2732 wrote to memory of 1640	2732	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b12e14c4a384fb1e266d08d591d176a2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6b6646f8,0x7fff6b664708,0x7fff6b664718
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7369922442585953552,5750705157490064908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7369922442585953552,5750705157490064908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,7369922442585953552,5750705157490064908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7369922442585953552,5750705157490064908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7369922442585953552,5750705157490064908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7369922442585953552,5750705157490064908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
5c1019a2fbbae64fc4028cb6454df74d

SHA1
d20fe68f9ce22bfa8c0b745a9766ece9609b58ea

SHA256
ff935fcbc416876bcd99dbdb408a834913432c5a18f17d8586f5301874ac6a75

SHA512
9eda61ceb453cf16e4aa8654fc73223f4c1c10fcbcc4459449fb4da3d21b452b7c81ca1a3f1a633c18d21894c3e902ea1ed1ab27a4ce2583c28b5ad0562ff48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cea4cc9c68f6b9a971cfd8af58184e2

SHA1
ea791df46c1381e3140c61eb2aac7d7f8ea8aa14

SHA256
792a496fa5c1c8c1b5c8ca68aa419ab13fe03aacdc90b25f4a7d2f22a4da7b3f

SHA512
f0e6c657a303f004d764c3b4ad368bde976fdd6eb5ece9e0ce97bb1d3da73306f9cadb5dd39ee2146dfa9a1c59b15a8ef913838feca28f077aab95620b7fbbc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21101e04d96cb675fa0c55318750304c

SHA1
aa299148ace2f66a0037dd27b06d65cae42566ba

SHA256
7d221f708f3c01fac068ef4bb7745c12e9f208cc2d246227c21ab2cff02dee3a

SHA512
ae8c3de25bc3b273cf533692b714fb1ac459091ba8e7af5b751b2b587553b913711e310e6d0e35e07fc078b4c1fa95f47f297fce1fc0ae9d61cf3e7e9b135fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
a5d5a7571ccd8c359f9ee18763bd2a7a

SHA1
81a5a307ee910feb77599b5d0e6a04733d00795b

SHA256
351acb6b7fb4d0048ea1fe01490c12ca813268754aa429071fba31f5a139c0ba

SHA512
b57be253fe49c0897eedc9d198e00e8a1e41cba7e029a3d9ece3cf9c3b635a4f97e470696adb4945242b8f6b108c268dcccd7904eb780661c218e96f3ef8ab08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5847a3.TMP

Filesize
203B

MD5
25800c8e549c46d66eab0b64f254cd79

SHA1
f9432e7d24565825ce6b0ebe068f91702edba10a

SHA256
07aac5bce0445222165a7142648150c319c741b504d317ebc03fcfb60270ba0c

SHA512
b91d3f53edcf0e60ba8a098967eaa2bc085190750d276fc2b886f2c8cec92f80f7b607597cf64ae94a16c4e2eb278d376f18d5be902c3e24da5770dc58b84bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0c227f2d37f69a6f94a03268217fda9b

SHA1
70467c148b16d39edb6ead0c58ad92ccf2c7c71d

SHA256
80d5d74969f5b39495d34516891ba04dd4462588d86cc6fa06b68e534efbf293

SHA512
11db4883de7cba84a8f538aef617959be555c278a30705096f54b3a1153bfd8eb4ef009aa1910f604c004838e0d287b84e1b34fadf5f06edc7fd3de601adff6f

Download Submit