d2bb979fd9ba4b311f673ae9f9095afedd1d3174487fb09b5a057ebf2b481e58

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1b097b23f3d40cc8870b90399332d7e_JaffaCakes118.html
Size

11KB
MD5

c1b097b23f3d40cc8870b90399332d7e
SHA1

b4607a5b409d05e8b1b061763a427243e9e3b549
SHA256

d2bb979fd9ba4b311f673ae9f9095afedd1d3174487fb09b5a057ebf2b481e58
SHA512

c701e47df80e97d6b87e93e399bcabc8d8890c4ce8d865a7fb4072129f849e75d2f23ea57bdb925d9feb82ee0640eb1cbb74a42fb184117cc86e0ff0182bc65e
SSDEEP

192:2VMlIsr03bo8k/w1wvqLkZ7BFMnIlTQit01Psw8uBuLbdU8d:sMlIcubI/gu7BFMnIlTQit0Psw8guLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
4176	msedge.exe
4176	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 3916	4176	msedge.exe	85
PID 4176 wrote to memory of 3916	4176	msedge.exe	85
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 2788	4176	msedge.exe	86
PID 4176 wrote to memory of 3464	4176	msedge.exe	87
PID 4176 wrote to memory of 3464	4176	msedge.exe	87
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88
PID 4176 wrote to memory of 2836	4176	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1b097b23f3d40cc8870b90399332d7e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffeda2046f8,0x7ffeda204708,0x7ffeda204718
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,1350613171050007686,3118277739889202091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,1350613171050007686,3118277739889202091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,1350613171050007686,3118277739889202091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1350613171050007686,3118277739889202091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1350613171050007686,3118277739889202091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1350613171050007686,3118277739889202091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,1350613171050007686,3118277739889202091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ee576ed5aa409fc18c1625c727722c3

SHA1
0a4dcb67407fb942070df6f96eecc3ed1c3613fe

SHA256
c39e32bacbe895f7193e9cc6a57876fe51d8b235b5d0a1ddb0daf034fd28d251

SHA512
1798e73bf4f752d59c2dd7ca40bfeaba742f14339b97f37cc77428b7df1eef830e141ccc4b8baf5f9daa60037c1e2fb7534aaac62e4f74399e376a2e384b5b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f50e06a3dcaac50e502eede5beac16c

SHA1
b12d042ca601ca2cfc084b5687e93f828fa8b9e2

SHA256
a1d9657fb0c960bf2cebf1577b8364da9e8973c92431569e37745805a6d88d5b

SHA512
808f86b91f5b77ff9827954f0259f77898b663fc49d58d0737a937bf34b42e801c1fbfbd09eed7a1060a5c7889ffcb683854bb3ec48f49e44c0ad978d4928d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8cde3a3847eeb3cf6457e049e44fca58

SHA1
843a092b067d6d7eaab330008361fea3be478764

SHA256
f3b1ae8a93d3883d73f8c78d8f399d93c111b270e08d4c0c288e2cfcb4413689

SHA512
4d979902ddee9ff597934e47d1d8c050b08e09cac6b3073097a928328e3da90b3b4e2bf21ea87100d4c1076290656ac5441997e1acda4f6e09ab4477395d0d80

Download Submit