c10d094737666be8b804b810a11e99fd177c5ac6b4a36d02157158ebb4b47f20

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8053a9bdb9d4a3b35218568ad2aebd6_JaffaCakes118.html
Size

33KB
MD5

b8053a9bdb9d4a3b35218568ad2aebd6
SHA1

92e9c95d3d33977200ce110f53cdcc385f795a3d
SHA256

c10d094737666be8b804b810a11e99fd177c5ac6b4a36d02157158ebb4b47f20
SHA512

ee814fc60da7ac2f462d0b59ce30b5be56f117f0184331c5c4e1125e6c3d775ab8eb7661c2f8df1162d4c1370b73ef0338482e33b416501ff13068f6118f1227
SSDEEP

768:QQqL81D/eAi4Rdnimaqx289DzRA5eVtRAi49YSLNG89De3A1u489D83AWiEXW3AJ:QQqL81D/eAi4Rdni89DzRA5eVtRAi4Pb

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
216	msedge.exe
216	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
216	msedge.exe
216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 208	216	msedge.exe	84
PID 216 wrote to memory of 208	216	msedge.exe	84
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 4408	216	msedge.exe	85
PID 216 wrote to memory of 3552	216	msedge.exe	86
PID 216 wrote to memory of 3552	216	msedge.exe	86
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87
PID 216 wrote to memory of 2200	216	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b8053a9bdb9d4a3b35218568ad2aebd6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82ec146f8,0x7ff82ec14708,0x7ff82ec14718
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5369473929801446564,15162813712097642340,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,5369473929801446564,15162813712097642340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,5369473929801446564,15162813712097642340,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5369473929801446564,15162813712097642340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5369473929801446564,15162813712097642340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5369473929801446564,15162813712097642340,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
565B

MD5
3900737f247d78552aa19a4758d17a3d

SHA1
94727601b76b3e4136a6ffb65d7911ae0bdf40a1

SHA256
dfc849c904bf15d80da514bf58f14196f9127a15ed9afc9113b7aca71009d13c

SHA512
e9ce2adbfc3d88aade4ff48c3b88ebad685b51c7f79f45dcdb6d9c793506fc784583c00d22c7fe276428bbbcffb078d35d96d165dc810fd6dff70ef9d58d3899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
06a7f4399ee711864499b6be09dfb5b4

SHA1
b609436c9f631f35782363b989b5672cdca1c1ef

SHA256
572515161f55e8520ff01a0936aa87a86fef086c321d148193541c9cc4bc5c29

SHA512
b07c941cb8fde8d0c3a743dd2f329df20b99193aef229635b8c9fa4378ab957039218c40ef3503e45e40ff190134ad351638f0f5ee0e5d9c726dfd227a34deec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce272fcbe925c61817b6a2eb13094b3a

SHA1
456c8171ad987f2c27b5bd9c10ee9e6fea3390f8

SHA256
dfa4374ed26cb4ad271971a3c8543ffa545e09c6b7c3ff36e4171bb5f5b1c920

SHA512
1a0fe949e6bd5ca8511eb4ed33da77b4a093dfd96d89a99e86b08395b7f233865386c915e35270e391ea314ece3f077fd3f6683a3e4efc925566bbd1742641a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
717be17ca36a287e12df3a0b086ee327

SHA1
bd8dcd13b7e903ee6158c0cf346ff8415dbd1df2

SHA256
c105225ba6fcc24b350de5b72d8706d62b6b78cd828cce1f13038b56684c6156

SHA512
295c4154e05300ee51c465e3ea278a10cf35f42da4c768b5c1e695c3283e1aed5723de5610d9d0b228b2155547e9c5670a3715c1a78e567da0b257e5baf69692

Download Submit