83e6abdf9381c4ffaf55f5ef343994929162fc5df5b87a5cd013953c9f9e89fe

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf948eb95d13b14d52458c97a1aef3df_JaffaCakes118.html
Size

19KB
MD5

bf948eb95d13b14d52458c97a1aef3df
SHA1

d9434f49f45d3b24f9ff3f35e4ce8c7403fbcb69
SHA256

83e6abdf9381c4ffaf55f5ef343994929162fc5df5b87a5cd013953c9f9e89fe
SHA512

2af092baacf1fc63dc3b15c6e44cb969a0d1d15c45be9022cce33e0467c612d1603d719f3e452866dace13d3f1e0b40f88486c5110f54efa70e66c9369249453
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIm4czUnjBhIy82qDB8:SIMd0I5nvH7svIBxDB8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
3348	msedge.exe
3348	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 4564	3348	msedge.exe	84
PID 3348 wrote to memory of 4564	3348	msedge.exe	84
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 756	3348	msedge.exe	85
PID 3348 wrote to memory of 3132	3348	msedge.exe	86
PID 3348 wrote to memory of 3132	3348	msedge.exe	86
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87
PID 3348 wrote to memory of 1400	3348	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bf948eb95d13b14d52458c97a1aef3df_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb50146f8,0x7ffbb5014708,0x7ffbb5014718
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11146040249369831528,4705580898245008466,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11146040249369831528,4705580898245008466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11146040249369831528,4705580898245008466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11146040249369831528,4705580898245008466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11146040249369831528,4705580898245008466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11146040249369831528,4705580898245008466,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cf201a822bdc23656b8fd2515912da6

SHA1
90c93d815c603d8db6e2b423e7b61c6c453165bd

SHA256
3e454b2b5366b69c4cbc7b3ce4b36da9964cdfb3a838b56a9fe9ffb3442a1132

SHA512
c3dbaaf94b336f6853730257c1f5f964be5b81fb5feb3007e692948a6bea762e40639d2777941283df68d0c53bea599b1bc4d700b025881d1d03ffeb800c9b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f3890ef757a7669e95c6d915b18d6de

SHA1
55ba0dcec5662a302cb3c2458e2ebe111bf7bb5f

SHA256
957bc6d55d4acd7a5f7e292a79553b8a0a286970fa2172c54ca80d51c2b9c15d

SHA512
4e494bdcc39cf5119e68dd2c2a4ba315ce83b3063353634268c674ce0af89db47dd82231d7671578df6c44b3d592b5094732fe65a91cf7e766defc523ac81b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
beaf596f85fa2b3c4bf5fe9fb3978c26

SHA1
311fd81e8dfde1289d3c84e71c95b9ba6b59d0b3

SHA256
41454d546231faf1411756024dd97eee43d9daee43ea7ccf168e7d8e7bfb03ff

SHA512
df0b1decda76aaa39f10435099ea59674bb79130678e7af60b95b157afdeacccc5ef2249dcb8781bf80ad3645ace1b67526f490617a2fcab6c7b789b89aa4983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
607f47492aa2b0b0934fc79ff2870473

SHA1
f5eccfbd3eb3a3f3118c4391d83e84dbb5615b3a

SHA256
a43391531348640e653b3f8f1bad274c65bdfb74695f24e46e231a100318deb3

SHA512
386187c3426c6e417baafb0090664432c29df258ecee12eb4007c5d40021cc31d3084ea85c1a6df38a8e51efba3f28010e04e6d44c129c85482967c0262a5630

Download Submit