494e61120613fe32112e38e101e60584e6c011baca3e9c5ee7e38bd6efb98b4e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b09b3425906f4e809fb36b784a58a353_JaffaCakes118.html
Size

12KB
MD5

b09b3425906f4e809fb36b784a58a353
SHA1

0f949ae9e18322bed5ebea2473317fde1095df5e
SHA256

494e61120613fe32112e38e101e60584e6c011baca3e9c5ee7e38bd6efb98b4e
SHA512

671ab04eccfe91b8e18df3e37eb0a797a192b535ef18a4bf55964d16ca13a42c7523f134448235fc2450adb83f2f0cd0cc980b27188437e68b0dd016862b96a9
SSDEEP

384:sWlIcKVBjIz/gueBdZNnbO0HQ0TmzguLZ:VgXf36xLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1864	msedge.exe
1864	msedge.exe
60	msedge.exe
60	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 2044	60	msedge.exe	84
PID 60 wrote to memory of 2044	60	msedge.exe	84
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 3648	60	msedge.exe	85
PID 60 wrote to memory of 1864	60	msedge.exe	86
PID 60 wrote to memory of 1864	60	msedge.exe	86
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87
PID 60 wrote to memory of 4616	60	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b09b3425906f4e809fb36b784a58a353_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ae1246f8,0x7ff8ae124708,0x7ff8ae124718
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,1331710048123398160,17182493559141454984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,1331710048123398160,17182493559141454984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,1331710048123398160,17182493559141454984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1331710048123398160,17182493559141454984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1331710048123398160,17182493559141454984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1331710048123398160,17182493559141454984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,1331710048123398160,17182493559141454984,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
24c9a4f581480b7d89f8fd3c08af819a

SHA1
76e2713928a509c25a7441945dd5fd70145eca3e

SHA256
312022dafba14a6f9979ea032a02da288bee094badbf27717c9fcc4fbd3bbd0a

SHA512
9a6527b1e729e3ee6a1201bd4d4356d2d30b755be47b7c66323b9f4737741e518628e512ee599043ee9730414f35f5f504783ecc7e173104834d3d9e6fadad1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe70362246bcac222a1446ad0838e506

SHA1
ded10398ec42bbd9550d28f187175f1cf5f2d25d

SHA256
53c34773413a2c05a36e0e776a570e58a91273aa785e38887a50d8f744249e3d

SHA512
04b94228f8544535ecf6ed7829672c5eddae642db17f01a7b2d96654ed12bdba780206d331a786eb8c2e4a24d61d6d9ac8dd49b58c26797601fcadb8f4cd4728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a236ca1b22e909088bec966b077f2742

SHA1
cd9bca2546f2010e86bd9757064db429a065aaf8

SHA256
3795a8a42f37fb7e04b59c115c063ae08039d3f4f617b6fc47cc031753e42981

SHA512
06d07a18c9bd12a726d2988e954c0544d0e33c087ce0430d33f29eac36535625eb67c633f10c78ea7470df6a48d8032dbb2ac042859497aae1b0ac3373aa8f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b55c2a7ce9db3c6a49136b7941116d5

SHA1
f2615bb24c26deff8c92ae6d9d611de6bedd761b

SHA256
a4296cab480f57f7dc0a415a20bd501058693b22a061feb608be61f1dd7a81d7

SHA512
6693275a0ec41628bb6f8da970cd67d285492ca82e0343f4dd2c3070336fa39d84054eadf7f584c707af6adeb2faeeb9b9411968fab2aab48775513ed7cd53d6

Download Submit