e8ddfc7910a5cbcb3df8e160b4a1ed03d3e496e9c8eefa23cee3414d45d63f33

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0b2ae8f5aadd027dafb0fcfaf629330_JaffaCakes118.html
Size

68KB
MD5

d0b2ae8f5aadd027dafb0fcfaf629330
SHA1

0e28f34ef91c3acbe55fbc7d1b9fe64be12087c8
SHA256

e8ddfc7910a5cbcb3df8e160b4a1ed03d3e496e9c8eefa23cee3414d45d63f33
SHA512

42a0183dad06e523204027435d5eb2edbe3d7ee7cfb65a7ee40b353956a3262530051646f1d0b2134b8fbcaa72b32652c682f949d387019263a565742abe8cf4
SSDEEP

1536:e3iThQHtX9fU1V3YPLUQWqPh4cEvrEwQO7zhfaNs1o:ey0tfU1V3QWC4cE1QO7zhfaNs1o

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
4436	msedge.exe
4436	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 3900	4436	msedge.exe	83
PID 4436 wrote to memory of 3900	4436	msedge.exe	83
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1856	4436	msedge.exe	84
PID 4436 wrote to memory of 1440	4436	msedge.exe	85
PID 4436 wrote to memory of 1440	4436	msedge.exe	85
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86
PID 4436 wrote to memory of 3492	4436	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0b2ae8f5aadd027dafb0fcfaf629330_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1f8346f8,0x7ffa1f834708,0x7ffa1f834718
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6341697997983453581,18369315991757067232,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6341697997983453581,18369315991757067232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6341697997983453581,18369315991757067232,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6341697997983453581,18369315991757067232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6341697997983453581,18369315991757067232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6341697997983453581,18369315991757067232,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
465B

MD5
037012c4a06d26ed7975f6a186f0d582

SHA1
1faab752ba14a332d63cf2c90c70001514af6921

SHA256
4f5c1c4aa66e1c368e61539cddfa1570a9c7f5d51b5efac7ca3d7a3f3fba6f2c

SHA512
d233fd55f3e76e43ca7da79f699d0890b3932a7fc67ada6a3b4a41f8b6b12bea75b5db882c3b9747998a07a18f55603353b31535655855c4a0475bb0b3d76b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
88960fbc07d74b85b658e6d3d953cf20

SHA1
a153a5359f6274747e407356442557af05e54d81

SHA256
5607484fd3e5b2232554c62672602fa21010c92349ce0f55d250bfc53a9c8b9e

SHA512
3462375ca18fa04aacd30ed74e2c7b2a52f252ab920f6dae0a54fda529334776265569486c79e58765553c5ec4ec1772e2b784c283a5285b0b43552c8982f1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
b203a1d90181700688b473c005241802

SHA1
fec27f98918a6e2e719512f46c67760e972135e8

SHA256
a882f0d985dc2f96cff2944bbbb7fc6eb656bfc8603248ca30a9c684bbe3b548

SHA512
04e83b210fab5bd47ff1d17fc93c48b798a19548afba4049c485b9f7c6cd5c127f21b4ac5af650a8c2822e6abcb2f440cb4d8a44a7fa760300e325dbcf9b9af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
356529ad6ad08eaf78eec55b9e8e7efa

SHA1
0ef5e0a76a68100a917bf519f3a5e38f40509f91

SHA256
7af76e467895b37ec9f7d0ee355a9386ada7657c2a76ddb130c3409285ca09d0

SHA512
21c397a9fce01ea71cd95704220dc6cb65a924050af6f781e0e14d1eb003b22a4fbc69a7382706f43bec3923423e23ef842d4c89931fcd5b01194549a175ef56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
1fd63dabf108e59b75e8088d56557dcc

SHA1
2958f0d870e8e8a4251da0051d69b3e04881e6c2

SHA256
d257a41fe291ae4babf7afa2a5cdcd1a4944c9706cda5e0e09967faa25240155

SHA512
2e30183ca9dc187622ba1d9bc780b27292faec08a7798a50bf2eb5e7b94f21fea46200be4705ed2b47d6c44a2171c49e4c5d5206deb48fe14493bc9c5338885b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
27e2b32e752a20a9fd424423e3086fb5

SHA1
afb41fd4dfece80d2234f555b12c268df91852a2

SHA256
7e40dccc625542c83d31add4871ab4ca1c90c0ff55935bb3b1e7983cd694912c

SHA512
af9104b10f9374fb655e56c0480b929afa10cabc20a384f464fd2a2fcb59be26730b258d8eff7c154222850d1e1207fcf2afeb96a6f1c959f44a4ad7e670c2e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584e1b.TMP

Filesize
540B

MD5
956fe27e6dc1452531da933f678b1497

SHA1
43131259dd1c0b944309509b226f21348932e71a

SHA256
ccebbc6f6829cd5c0ca6eed192464e7901f78f4c53e0ea4b0c59e9e775f928e9

SHA512
7149681dce5d2beaebecd34c5f49eec67d28063e53362b083e9dc0a95320b88d2088887765c8cf8d67a21cc0e51f8b08be71be9fa577f6b643af282b18550a8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
dff6f4fdd9adb0536351bac9e82421c4

SHA1
d9278ee68184baeb4add4748c5a8f82763be107f

SHA256
670ba0614bbe06599e921447fab77afe3eccf21503bee4685c2640309a08909a

SHA512
b5fd1bd531338c28653a31107425e3402c1717d7779d67a5587cf4eb3f39ee049a35b1bb72afda21ce4ef9f3b839648c1220765bdcd70ef2f13bac2f17ffdfb9

Download Submit