1389cdbc18e489c8255c00bb37b49e25d49e559f15fbd8cd454f072b65cbffa8

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1436a0be7512d14205f48e9a107cb47_JaffaCakes118.html
Size

187KB
MD5

d1436a0be7512d14205f48e9a107cb47
SHA1

1aa3cb8f20feeb203ace76b6683aa3a79593fe7c
SHA256

1389cdbc18e489c8255c00bb37b49e25d49e559f15fbd8cd454f072b65cbffa8
SHA512

55b46e8d5b5082db199984d92eab710ed8c20b48ccd7d0120b922cea59008cf308e901e939efab266360d35ee6e2488adcecd227f9a91283e96693db990b5972
SSDEEP

3072:Nsf5AsZIS+f0vXfp8qVyTXfpT0HXaoJLpjzfwsMhq0NrQ:YYf0vXfp8qVyTXfpAHqoNpjcsMBW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe
1948	msedge.exe
1948	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 4100	1948	msedge.exe	83
PID 1948 wrote to memory of 4100	1948	msedge.exe	83
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1912	1948	msedge.exe	84
PID 1948 wrote to memory of 1736	1948	msedge.exe	85
PID 1948 wrote to memory of 1736	1948	msedge.exe	85
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86
PID 1948 wrote to memory of 3696	1948	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d1436a0be7512d14205f48e9a107cb47_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafde346f8,0x7ffafde34708,0x7ffafde34718
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,13660716443226447787,10366450154821080591,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,13660716443226447787,10366450154821080591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,13660716443226447787,10366450154821080591,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13660716443226447787,10366450154821080591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13660716443226447787,10366450154821080591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,13660716443226447787,10366450154821080591,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
4e6156be729a4f65681a10847e3fbf09

SHA1
e033f0e00b5d0dbde58a987a4383d4d99bf7a981

SHA256
a97fb78f7350d3dde3804344efb6c1af5d481ff259d8c485e8cf8c4851ef87b0

SHA512
9767982ea89f85cf77879d14e11d1baf5ea0b0da1fe499a5897f30c966f4cd94368d93bd20cb3a2dd0ffa74c8957a6fd7fffe917f33c221edacf24b0be13e0d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7e785b304fbcb131ecc4566c75c3d89

SHA1
a91b21a9f4d1a9039942a12e58f5b3c9ccdabd9b

SHA256
e08210bbed0d62f8ed535c3bccde0f0950efee78ad36f71a3d215be7e3545770

SHA512
88b63490121299fe6e9a73d9f2ee1c50dab3143836db0a52eca700fc710845b873099e18e6499f17aad3731f1cd23533e715bc1b76edb13427970ff95ca5d7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5ee18a4aecc66d0f5c6c3008732a4756

SHA1
6f47182f8749680a6d15ab3df1b266e091ecdf72

SHA256
f15b205718db0c38032e039a833422bfb2b81bc598ccb06475d672641fd35f05

SHA512
4951ca8f7494ded8e7525ffe38bfbe541743f21b32005e878b5dbf68867253b7294dc65a5b57a9d5e82f802b42c22cc1b75c7b291dd0edb0235cc58766d01bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7055c1f7495a78a26f2f91544a10902

SHA1
1b140264a5582220eb7d9e19a6885d3edadb1d09

SHA256
9e220e436ee480b203e479be0bfcff40d991aa80254921e20ed1e6717cf71d57

SHA512
41fa5d864d037463e6b431e0b31d9895c6a34773b9550639abef9850e8ca3eed476ae1544ef3228e945bae64429624f7a81629e8c4a44ec0b1f0cb9bce6c7b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
00b9cb67133b284a055686da26f235e8

SHA1
62d8203582b094d468236d1e37306ce3df049695

SHA256
13ebbcaa7728940b1fb09f399b3cbe146baeb3123acbe45d9d5ad914fb10ac02

SHA512
5ada133bc5556fbb0aaa878de583788743dcb8c7dfb144be30b6d38d88cca0ba5174a5a4246ce8f5d70cc9f0647ba3f1505b1294ca41a9a31735ab50578b2f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597ebb.TMP

Filesize
372B

MD5
702a34a299f53f63dc9e38fe3824fa98

SHA1
cc871af5f9d6bbab14e5cfbdae2dedee6e378963

SHA256
d021b9b4819b1db03424348f6937900e52d3b82b66a90882cbbb5f2477679132

SHA512
debbe975290846f7bc858fe40c9d0f7fa982f70541ed0f6427182ac451dd8801b2877d4e48db0da5f87313008a3e3807f4c99bf187a0cc2066b654ea29cfc03c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5bb856c38d738b94d62e56dc9e53f393

SHA1
6b4de7e07831e7f6ef8d0c24ab3c800224d1ccf4

SHA256
00466e0120be3514c617f2ce9660bf8829c7ea24a804876036df046cfde2dd6b

SHA512
58973e4f9accb4b806ea99849491e24b03663da2b92209c18cf2da3d6b428f8371778bb9cc495c5a78313af11fc321a58e47f26ab098e1e7f698bae0ac532e30

Download Submit