1079d055bc4d28c01cd6689979c7a96a2b5a9abba15e75456878924ad8ef5d60

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-08-2024 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c20f6ef611385db8c2601b2c03fbb112_JaffaCakes118.html
Size

302KB
MD5

c20f6ef611385db8c2601b2c03fbb112
SHA1

1995d327953178ba9aae2106a8de4891f7485a8d
SHA256

1079d055bc4d28c01cd6689979c7a96a2b5a9abba15e75456878924ad8ef5d60
SHA512

84ed1d9a947a7e223a593032eefcab8978bbec1b75b2931a6902e6dd7b498737624d751d653513185b57322ef448bee0d12587a0b2b61c61d31e3fe4f8a243bc
SSDEEP

3072:QaibgFYchC0RqTSfhixYu0pNrhs0Q9jTiH+cNuLY3fQ3eQSu+e80SVbArRHNGb3W:QaibgFTWyNa3Gi/cU4v2YLExY4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
948	msedge.exe
948	msedge.exe
1516	msedge.exe
1516	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1516	msedge.exe
1516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2228	1516	msedge.exe	84
PID 1516 wrote to memory of 2228	1516	msedge.exe	84
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 4824	1516	msedge.exe	87
PID 1516 wrote to memory of 948	1516	msedge.exe	88
PID 1516 wrote to memory of 948	1516	msedge.exe	88
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89
PID 1516 wrote to memory of 2376	1516	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c20f6ef611385db8c2601b2c03fbb112_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f2b046f8,0x7ff8f2b04708,0x7ff8f2b04718
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,3004085631930628198,275035156481095288,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,3004085631930628198,275035156481095288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,3004085631930628198,275035156481095288,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3004085631930628198,275035156481095288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3004085631930628198,275035156481095288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,3004085631930628198,275035156481095288,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
256B

MD5
8fa47fe3e7159bd420648e915be3313f

SHA1
c8a920b7c404936eb7413c21eefbd34aeb475fe0

SHA256
b61b67d6e73b2cf4da6c971bb004975545d66dc5fcf9830bb65a2ed1c4953bff

SHA512
ab89febfd00688a3bde0916591d030f2f1c2e2aef9e918f7c2e6840d1b8bdab7ca7befaf6fa8ac6030e2186ab6897b190757992ee8d3a9b8b19ad1d201769714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
256B

MD5
45e4a065960da14690a2a2def0de7c2e

SHA1
4176da2bb98ae31392eb30eee68fa264aa1541e1

SHA256
152597a99ffa29125031c536d588e8049635fd72334a5c371e3bfe5e1338a61c

SHA512
330027a4f837957bd22dd2dbe4a6c0152c678186a241693a4f811cb7bfa232245f989712128fa04f05d855ad7f3d306622945934ff6afb60e5e246e827e6bd73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cef346ad66ca7dfb564cf934c973c9a7

SHA1
3c29d2f1516fb42de72ca1c0bce0ada38670716a

SHA256
d1b6ab8b856b4d1771d5f57b36db843e03e06178dedcfa3aae4f80d6704ba6d2

SHA512
4fec39cd16585d1b8b584d766195a682051824c5beb61020f3b4d8a8d5d064b7e32b6824823a9140e3ce7d2777634802de1a0fee972be1f2e74a38805c46eaf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d05bddd8c54c162637fc9f3de662e20

SHA1
fd94673b11380ba952d8816a45fd05ca00db8fce

SHA256
ef34fad62790e81e5344a50c6ef3ab7901489841c56edbf933ff28777dbbd08f

SHA512
bd5e6a9973e13d16d06f45b10824fdd4faeb9a0da716d65564cea50223c57b9d71f5799d857e9b4d097eb134494ceec31db517819d0d0068a5caaa7f068901ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
310b94a0b27872fec909d14558a1d377

SHA1
e769cbd645550bbcfe8b1049671ddb5de193e4fb

SHA256
815e5725f0eb6de6fe3ec52e22aa11c5319eae6a2c345d06f8577d96f1425e25

SHA512
470a24a93c375d3e42be9ff0a82e73ae02608139024eda681f66088c3f7d4727377decaa82bbde02ae380918eba678c8ee90610783bca96f80378cc65435065a

Download Submit