01d29587847a4710b7e8405748bc0403494affd9245e58a91c2513ae70a76c6c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8a673a69623fc8bc6a9cfca6c3c3138_JaffaCakes118.html
Size

246KB
MD5

c8a673a69623fc8bc6a9cfca6c3c3138
SHA1

ce63966ca9a89d384b17d532089a95dbe00e2ffe
SHA256

01d29587847a4710b7e8405748bc0403494affd9245e58a91c2513ae70a76c6c
SHA512

4af2f50113fdc0785a00cbd5b0bd1faab9813fd5fa79bb3ef00f9aebac6732169304c8f1411a40be93ea75b740dc498fa9e6c4b20367326c84a075d83fafa122
SSDEEP

3072:/YZ1yvAhZrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:01vdz9VxLY7iAVLTBQJl/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
4972	msedge.exe
4972	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 2896	4972	msedge.exe	84
PID 4972 wrote to memory of 2896	4972	msedge.exe	84
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 1180	4972	msedge.exe	85
PID 4972 wrote to memory of 2380	4972	msedge.exe	86
PID 4972 wrote to memory of 2380	4972	msedge.exe	86
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87
PID 4972 wrote to memory of 4408	4972	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c8a673a69623fc8bc6a9cfca6c3c3138_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe746446f8,0x7ffe74644708,0x7ffe74644718
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9802147418354660436,383530441977468022,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9802147418354660436,383530441977468022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9802147418354660436,383530441977468022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9802147418354660436,383530441977468022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9802147418354660436,383530441977468022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9802147418354660436,383530441977468022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9802147418354660436,383530441977468022,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\43dbec17-d2b7-445d-911a-e64d3ca86696.tmp

Filesize
5KB

MD5
0a2fb4005535eb4de4d3febfadd572d9

SHA1
0d0bff653416bd6104044596ae2def745bf183b5

SHA256
d751ccb943613703d0dc5ac95a9aae0442df19278abc3ce7aa5da920fa50a3af

SHA512
8296e24f113e830f4d56bf63b1bf70057a41e1cf74308c02439598a96e20acb2ba5f6c415c7cf3a9736312bf220afb483ea30d3d307dcab0e0e31c13d8d808df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
551B

MD5
7ccb87a28392cb9c97d2db14d16917a2

SHA1
6f281ac599a755c620b20986a20661716bb64a35

SHA256
41fb496402d00d88bbe61f67d59c508837796d32c814bf6ff5c85c7087d9f2da

SHA512
4e2b85f6246ced42342950e720954619218dff277549aaf720162494e27a699a18cf469a20e31fc8f2140c3a86f8cbd484e6c278d0b02ddbe30a30c925241bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5bf3adc9101b8310f254261f4fe03f5a

SHA1
c69c44687f9c33d423b96eff46ed8194a7b4c09e

SHA256
b62e10a847626280715583579d7766151a368ca708145e79cd3e69f21ea2b716

SHA512
0a9aca9425156f4b2cf69aa400f476f94b989eb98ef20714cc7871cde524eb66e0bb856f566a563fed1a6725fc08f3e407dd0da3f25e0e60e09fcabc261c031c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf4da1dbf8166c095fd1e961808a977e

SHA1
fb3cc8f34c0051666e0970e4c338879aa453072e

SHA256
fb371f8d6ed096ee5fb4b8141be74b34ff15d051143954f38e454c5aa0468bd7

SHA512
6edc22dc1234f6aadae717481dc50028473dada5af5a7cae6a05d44ee79f899fb8eed12d9889ad914619a80023dd07bb3f04e130b9fb4fa789ad71dfa67cb9bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c333ff45cf3cc70096952d96cb8b71cb

SHA1
a0a5f1a469af003eb04c78b72c46ebb5ef200cfe

SHA256
3319f1d1c0ac9b0d5b60b7dbb366b1c204f71075e1c5378b34d5e9c9b3d4aac5

SHA512
00e8b7c824d61babe74d91edeb59dd6db9614708625fcf1734ab36870b96df5194be694cc53379da6de15097f991f968fc49a249c3f7ead3a5a01bc8a114b0bb

Download Submit