ad67fb18c423e7531d5b4845d4217c5cf81ae53e72f146767f90fb5a400e4dfd

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 02:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b9f5fdf9e392a23c53daba8e6e6bd360_JaffaCakes118.html
Size

318KB
MD5

b9f5fdf9e392a23c53daba8e6e6bd360
SHA1

dc4345009691050c7f6f184a44d32c4ce9e90362
SHA256

ad67fb18c423e7531d5b4845d4217c5cf81ae53e72f146767f90fb5a400e4dfd
SHA512

6830efca765c96d5d8cd96293fe4d9ad886df4796869cae14b565017676f28d69642284da5940205b6633cc005a39e9fe700536b04700fd92bfc7be0406b1d66
SSDEEP

3072:7qSVXFKh+Guj5/ArhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:NVXchjchYz9VxLY7iAVLTBQJl/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
4004	msedge.exe
4004	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4004 wrote to memory of 4868	4004	msedge.exe	84
PID 4004 wrote to memory of 4868	4004	msedge.exe	84
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 1592	4004	msedge.exe	85
PID 4004 wrote to memory of 3472	4004	msedge.exe	86
PID 4004 wrote to memory of 3472	4004	msedge.exe	86
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87
PID 4004 wrote to memory of 1168	4004	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b9f5fdf9e392a23c53daba8e6e6bd360_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9c6946f8,0x7ffc9c694708,0x7ffc9c694718
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,16160000287162417053,18185222155261840710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2276,16160000287162417053,18185222155261840710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2276,16160000287162417053,18185222155261840710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,16160000287162417053,18185222155261840710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,16160000287162417053,18185222155261840710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,16160000287162417053,18185222155261840710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,16160000287162417053,18185222155261840710,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
479B

MD5
0bc9c46197f7dc5ffc2bb695aacdc585

SHA1
4cd2b6f46d78b374a7b605b503bc45ab265677f8

SHA256
7b5375c45bf7bb24c63ac690ab5c6ab82a8cf5e62a82ffe25763c69235bc6458

SHA512
c0cfc1a3aa197062e4ac1ee1d5fde1649d0214971589d43c5ce982811bbd3242a5642d2d92127d682ce8fb0d8e16245defc8c31a49757cd28a3d442ad40a289a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ee07d0eab3a7a1c869b3ac4d02a9796

SHA1
36a35c0b2bc7be9f983fba9a7a87e7e3fe0ee585

SHA256
6ab08d3f8cc2d4af2153ae760b9ec196ef7cf3faf5efc8b95fbc6674c39e2587

SHA512
ac706cc854ced6cb83bea202f3cf234ca9a772ead87d356845216f1aae851d240bfe14b545c779fe881308c863b046cf2142c08beececb3f63a5df4d629b4467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a855772e3ad8790ba3f6ae76651678d2

SHA1
82cfc540edd5e9f8421b48c88571eb12118b48bf

SHA256
e87050cab77b17344c2dd87df8343d790e4f1c327f7d38bdb09273af4920196d

SHA512
b0a5e54660c5a1b77c123ca91eceabf4408a7144c326f02ab17c82cf3b2b05ef9df0261e008a8fe046d214ed2652148ad771f926bd6b44fe110c8212d6d2c1b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0c0d04355edd0f899114c5bec2bd088e

SHA1
fcf0e81bbfbd93a6e4c93a9b93f110066b83edf6

SHA256
4fc59a6cbfe3cd27641ed91971de809d4a8755de6bd149681dd847d14814fafa

SHA512
10484dda6b6e9ec6c0f7aa23f921db4fb17484e7a33800a7d7c465e6084ff7d69190ced2c105e83105d0675664029fd2a050e7a6f170ab1ab7ea0b12788c3dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
132e63eb881dd6720f394ffa8de7cb31

SHA1
7e971cc034cace27282f7879e32b78685a731bd7

SHA256
932dac32448b29f57fc488713ca7a2e3f2e48f3ba31e10f452a0c0e5b0c76c22

SHA512
4d396479a5d96acc5734e27fe8957da160da722dda05f88fa0bd47840265bedf6a4b36c75b9a8066ad9c0b95d1309a1f18bb4a53018c1063f9d94bf9ec85490b

Download Submit