b902d5e1aa09be0d2d43d714eefd266fffbe883d2219176b33b443f0f5369435

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 09:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d19f4ee040bcf168742da3f3c4870ba8_JaffaCakes118.html
Size

36KB
MD5

d19f4ee040bcf168742da3f3c4870ba8
SHA1

62f2f42f03683493bf0a9e055952333a75877ab1
SHA256

b902d5e1aa09be0d2d43d714eefd266fffbe883d2219176b33b443f0f5369435
SHA512

08e7e35d00964442e251595ed3c2d7eb7868e6b317cd9979ab27b771730f40e77bac57d0c25041663ef6dab49d41f69914fc016b30b838b4db6833df3ef13b14
SSDEEP

384:EhEDW1d39jLEwviZ7UdpcC4f6zortNPjd39jLEAP/NVVpv2lz4FWvMjlCzfhvFl6:EhEKb1LEYip1LEuzfozfaMEmSbOZI5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
2704	msedge.exe
2704	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 4536	2704	msedge.exe	83
PID 2704 wrote to memory of 4536	2704	msedge.exe	83
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 2196	2704	msedge.exe	84
PID 2704 wrote to memory of 3180	2704	msedge.exe	85
PID 2704 wrote to memory of 3180	2704	msedge.exe	85
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86
PID 2704 wrote to memory of 4900	2704	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d19f4ee040bcf168742da3f3c4870ba8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9c6946f8,0x7ffc9c694708,0x7ffc9c694718
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2935559378986754567,12711833188593572628,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2935559378986754567,12711833188593572628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2935559378986754567,12711833188593572628,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2935559378986754567,12711833188593572628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2935559378986754567,12711833188593572628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2935559378986754567,12711833188593572628,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
724012dee83b21307a7933250439af6b

SHA1
a46993ef2bd462b3a809b8d9c96837e2a7c0015f

SHA256
6816f1cf79eb99353ee3e28b89adc9818c7b869adb34a36fe9c378b8e238b5b7

SHA512
bce2829690f9df21a8c998fb16e59546e968a4f7ec0bab8e6a7d92e3277434c0c766d24c1ac4dba221e6aebd870ebed9b21e696b67a851627309363e456faf0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c942f5b32164506ba562175589538501

SHA1
7fa481a6cdb325352cc742def1a9a47fc48a18f8

SHA256
c14a4884e03eb42b4db1199c130414f76dddcd74658c97415dd4c39ce4bc223b

SHA512
b6eb825e7a977f688f3c1d247369930cba8198635c76b4f641cfaf8768d8e201b64c0a8fa154f29cac0b28135d580023b8e2db1eac47a1cbbde36179d30b69f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae11cc7849a51957d5b2d510499bb1e6

SHA1
328fae480d6b7c9966d0b5e9a5cfcde979bb14f7

SHA256
8bca8d3fcb1005a273a7f7d6e234d0162ed93db16d6815f719542403830f1eec

SHA512
881932609d3f863e879754b6cad21eda7c40e214cc9ac6977d7e2071a47d7b9f1e5f310d40b0bdd29487df107d109bf2dc722ad870e617e83546fc4ce8a56042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2297822e8158b05066f3abdbd0cb5894

SHA1
08ccb19f3119683a4ce3dedf576f64b108611b3e

SHA256
22018dd2ef5c98c4e9f1a70a0f5741238d093103afce6e3951f13a0e6520d311

SHA512
fa4dc457b75981d85311c990a1f8ba875e85493ec54fe80224171be88150b32247e8dd4fae88d009687a6ced23a011ebc1a2f32d0c0e39848bd30178a9b212c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1aa4fe164534fdef3651caedd3835242

SHA1
a4d2e4de5d94a409a3913cd083ac994cdfcd2d26

SHA256
51096a0d84fe982c512320d02ea2fec3a6828083172a20b145c9749c38f7e94a

SHA512
c78027e4a4d384d73c3f242ef97d4c9694bac2bbc591468fb2dd4ff986c82494f8bf274289d0ae6da8347fa5bd1a56081cca9993f0d56d53f4ecbd309466d26e

Download Submit