fbf61b43f5e5639fbdc3c01b8ed42a9b94b08193f09c85b78f855f97117d36d9

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0a6276cb96fd0094b669503611f1b79_JaffaCakes118.html
Size

36KB
MD5

d0a6276cb96fd0094b669503611f1b79
SHA1

c8b1613730c7e5f0fea0365a205afcc4c29d3d90
SHA256

fbf61b43f5e5639fbdc3c01b8ed42a9b94b08193f09c85b78f855f97117d36d9
SHA512

9c0c5060033a5abcd45cfa12c32642ebd532be1af9407f7d64d731f4fddda6116054e9b82e29ab07d50ea84c314104eea2ab8019a23d6e67d44fe01ec8028a50
SSDEEP

768:dATWn3VnJL5h3Dk7qXT37m5z5qMKQAPfp:ScVJ99Q2b7Wz5qMmfp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
728	msedge.exe
728	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
728	msedge.exe
728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 4436	728	msedge.exe	83
PID 728 wrote to memory of 4436	728	msedge.exe	83
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 3372	728	msedge.exe	84
PID 728 wrote to memory of 5052	728	msedge.exe	85
PID 728 wrote to memory of 5052	728	msedge.exe	85
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86
PID 728 wrote to memory of 1288	728	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0a6276cb96fd0094b669503611f1b79_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc81d46f8,0x7fffc81d4708,0x7fffc81d4718
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17076973404899563775,9999923639134053131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,17076973404899563775,9999923639134053131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,17076973404899563775,9999923639134053131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17076973404899563775,9999923639134053131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17076973404899563775,9999923639134053131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17076973404899563775,9999923639134053131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\80aebd0c-26cc-49e7-bd2e-77133adf9646.tmp

Filesize
6KB

MD5
ef703258eec125b914f5d334a6ae84c7

SHA1
69aa92e498e05498b24bbaf0d7fa22917b104882

SHA256
edbdd446e6f9608f345ba5fbb0ec7c2156d7ef9c970aa30bbe29fbd4650015f0

SHA512
3fb4f792d0059d1d6a0d297ea71207b98e779bc5308e22bf38fc0c4fb069c4aedfe92e3b9994f0fea913b75e35a2ec4a2dae067edc6ccca33c3e3b6d899b0409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
89b056240af807a1278d46f325dc5f62

SHA1
1e66dd4c9e030c5d2c23047a085822a372f17887

SHA256
f5f9f29fbb067a58ba60bebb0f36a61c535a234e45ff52f47f192d2836bac9f7

SHA512
109696dba2069f9b711948a93ebb6be8ee851336b14512c613196ca495158e8e53c3ad9bbc07aed6ea037b432f1101492a0e3c761d658f78e6e04d87b2715044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa2383ec87615bf90cbd2a5b23b3889d

SHA1
1f4de88e1d8071fbbb0e20bbcf9a93881de15c82

SHA256
c73987e5444759db05071e3419aa04e3b40b4fe4f90262c25ea48ca0e156dc7d

SHA512
bebba4daeccb4a5e98344e64aa5a4b96c1071c942bff7f1fe9a0e63c6e50a9890e051af247aa56a4a1ff551c9c1fdee61d7f8d654d15e6af5b425ceabbc82ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3624c8db71079dc1ff2cc6c103c20b18

SHA1
435d30698ce68003d5319c8d2764de037431aa5e

SHA256
05891fce933a446f56bd637d530770852b7ab0913a7267594a94fa8aef224a4e

SHA512
ac30182e3aeb2f51d8e1e650841be1dc3ac6bad8de517ba0d5aa8028624dd251097bab0a909f86d0d554060bcff08f5db51da619be3eeaa6b181ce60902a01ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
592cc574cb93c0d8bb8802c3e8b98107

SHA1
b1f8dff091cc7a0b0dc150f78a21c53493898689

SHA256
8eb1aa66668b7a35e23c43d26386d837fad9d70c50b64fdd9809a427df454084

SHA512
3006c83a24fe1ab37a7223311ff4667a72834e9c58d81f729ef0e7658440b915978795405474a2f44e976b563e5978880004ba49d97f2c056474e62904cf88ea

Download Submit