da3fd58e1711bc4f4bc5df3c2f8de20d765432d06146311cbfc7725719067788

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1c7f494c0f5fc58f976e263d89511ed_JaffaCakes118.html
Size

136KB
MD5

d1c7f494c0f5fc58f976e263d89511ed
SHA1

76801ce387d1af67213051ba674d406e986b5329
SHA256

da3fd58e1711bc4f4bc5df3c2f8de20d765432d06146311cbfc7725719067788
SHA512

306ad73480727bee0a92497406643517663271256a9af25e734059556a24d6cc2142d2cb0c5c98b76fc7b385bb097542b374ddeabffcabdc55b61457c1bac0f2
SSDEEP

3072:hF8SF3VZP13G4k5QhLpOatV1nIKi/fNbYaaLStRDcxWUu/v66sbsGon4G59t9Vcy:Xpf3G4k5QhL8atVcfNbYaaLStRwxWUuT

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3464	msedge.exe
3464	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 4780	3464	msedge.exe	84
PID 3464 wrote to memory of 4780	3464	msedge.exe	84
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3228	3464	msedge.exe	85
PID 3464 wrote to memory of 3232	3464	msedge.exe	86
PID 3464 wrote to memory of 3232	3464	msedge.exe	86
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87
PID 3464 wrote to memory of 560	3464	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d1c7f494c0f5fc58f976e263d89511ed_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd70fd46f8,0x7ffd70fd4708,0x7ffd70fd4718
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11536498717927434480,68027188175275075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,11536498717927434480,68027188175275075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,11536498717927434480,68027188175275075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11536498717927434480,68027188175275075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11536498717927434480,68027188175275075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11536498717927434480,68027188175275075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11536498717927434480,68027188175275075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
619f6c3b348bf1698a7e873948230ecc

SHA1
959fedc386fb376206bc35bec4ff464f9e37b0cd

SHA256
1354b84e981d43cfd1ba9ce645b548d418f9be17d43e93bef1008df464df527d

SHA512
5b47c39097ca2e8a486a1f8bff3a8dd120be023b5dc327f6c3e259e434c8ba70432e2c23a9da2f43587cd5a1a2e2738168cd1ceb022481e8fd3d5b4577bf851d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
823B

MD5
c0c62e761cc13c540b3e57afb79fe6c0

SHA1
2c9066e719dff467116e6b0b0e07aca34bf4d62a

SHA256
3c7119c729693fdebf23aa59c06809d384a6bc299ae421858d40fc30fdee15d5

SHA512
e1ef7d7f1eee976d967580bbe8d3e5bfa1a20150b41d6b0a6f1bc60d6735c82371d9fb4323b96fc9d47a598928e599fb0d755b3364daa626b949b4c349f5d7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
82ba707c9f8c44c76749d0075e036259

SHA1
1309914bef6d34d0feed2e8ff1baa2ef10a54b33

SHA256
07ea3db9fdf8789cd2404495fa50baaeb449fc6d443bd7ec578831c3cb522cf2

SHA512
d64a08a141cb72261d81d3257d21767bc67a320d46c99d1ffd28eebdf82f692b76397ba913b2561266fd44cb9f523b615c50d81d0ac97f76c104b137bc465d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4ef8a4939855c2e946060f267b7acae

SHA1
ec543c761c416c6d3e872ef5716fec35da49e7f8

SHA256
dfd95d54cd967234bf2f7b6e6b3161ae4976167b132eeab732dce45fd5b2ec06

SHA512
b9e1ff4d50c430bb4b62e15673ec18cea2b39b6f6d6f0fd1fb5d34ec5e8807312df9b3e5789f984d944e7cef466b4501e315d588001149dea3a9178fdfb9ae79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f2fb6d6f1c773c62455422bcc78ce23

SHA1
e4cd3a3a4bd56136f7fd9e2abe3a4b0e2a150014

SHA256
5bfaf0e803b84f1f00b9939ffa23e02eaf364af3f19cebdf739afce43c35fa9e

SHA512
f83867387d274fb4790f32dce03156d34801c3b09458f86c42d3830a6d977b1fd1b2227fd2bb03da1fd2ed3cdea5fbc399788ac10b89cf978b277a8ed9845ec9

Download Submit