ef38555316632c1f112a37d3e20e6e456d36af36897283f6869b3901946ad5d7

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0e7e40103090da717727e0d0dfe1396_JaffaCakes118.html
Size

139KB
MD5

d0e7e40103090da717727e0d0dfe1396
SHA1

cbcb56ce6440abf557e3eadfb4df0090b3a2df08
SHA256

ef38555316632c1f112a37d3e20e6e456d36af36897283f6869b3901946ad5d7
SHA512

58f437d7fbb44d45297b0e3b86f9c28eac3a0ae208c3f767b6809cf4bb4d2ddf8e1a4ca03843559eb268fd5647f53d97a4d5d6c90df2eb4798d4eb321ba19d89
SSDEEP

1536:SCqvAbWNjUvCJm5lBqyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:SCq6NqyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
2212	msedge.exe
2212	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2244	2212	msedge.exe	83
PID 2212 wrote to memory of 2244	2212	msedge.exe	83
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 2980	2212	msedge.exe	84
PID 2212 wrote to memory of 1792	2212	msedge.exe	85
PID 2212 wrote to memory of 1792	2212	msedge.exe	85
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86
PID 2212 wrote to memory of 3684	2212	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0e7e40103090da717727e0d0dfe1396_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff807f246f8,0x7ff807f24708,0x7ff807f24718
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
476B

MD5
96d42d9cde5b41f9f9c37e9af0179a2a

SHA1
77e8626f17b4c6c5f196bbd375649f4d5264c90e

SHA256
aaca05b2a9bf454cdbfbaadf01e4cb3577237c97bb2b72a06de550a14daab960

SHA512
7e2db88b2a8fd16023ff4e9f3347dc664f7dfc3868fdaad93f6ad8a29e0ea3867f5351f086a41ff0b161390dd3d04bb2762dabd17ca8c0a1ca56bf6f921afff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d704c8d1bdb0430309f041fb918425a3

SHA1
e647c2d6f3ddc71e21d7983b6872b0e0ce3a5b42

SHA256
4069cc04ebef3ac679eb2d2a024736927255aa091f868592b2a7ab932faff264

SHA512
debaf6e7dee7c54cd20c19c39b7e9b9523e057b36783f96f8440ab07302eb9d74c0a32e9328508827497148f679e225cc8dcb1f30502d95ad43ad2d7f60bd875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
13a9ad04825ad7e2fd5899dae50ab810

SHA1
fde9706abda7a8e8ff8ff7b73a45f46dfc221c51

SHA256
72a54717aa6b1023c8aa836d47335d8b582f2db828638e515c66c03989d70ffd

SHA512
8aaadeeaebb47f2782431450ed949f5f504e4ef1e243c1980196ea93f3ce07f23c47afd5445c333c2d5ab70c28410b2b90cc95d3a3ce1cb0b3a11fe604e850cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e15ce34b6024a410f9b08d66009f7285

SHA1
97933c8d50ee56cf1612d1251125eaba14cb4685

SHA256
614353cda47ec44c6ba940e826282c4728a309373fb25a91fcfbff17ba5a9615

SHA512
eade79af62496df35ac08c57afa4437978316f7ed5cc5f056e3193c7f7af82e48d78c8ae671298d1d1fa2a535274c87d348dc7eecff002c1b53efeb1d499bda2

Download Submit