98fc8f9f59e6a5a89f729706b3a83241faab040c1a56934e3b2eaefd2f9da746

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1e2ae19d631e7d13d2fb809ed328066_JaffaCakes118.html
Size

213KB
MD5

d1e2ae19d631e7d13d2fb809ed328066
SHA1

b204f378006984e789095eb7d7d2d416c073bf2d
SHA256

98fc8f9f59e6a5a89f729706b3a83241faab040c1a56934e3b2eaefd2f9da746
SHA512

20b63e57d34446c742cfb2ffcad8bf6dd6302ead3267286042142f0ce331b50a98ae77fd255eaa775bf08eaf49339108a46755ef9948f10c6765d60229bec5ea
SSDEEP

3072:SGSd/xvylowyfkMY+BES09JXAnyrZalI+YQ:SGsxtsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
768	msedge.exe
768	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
768	msedge.exe
768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 5092	768	msedge.exe	83
PID 768 wrote to memory of 5092	768	msedge.exe	83
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3916	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	85
PID 768 wrote to memory of 3628	768	msedge.exe	85
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86
PID 768 wrote to memory of 4520	768	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d1e2ae19d631e7d13d2fb809ed328066_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffeed946f8,0x7fffeed94708,0x7fffeed94718
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c5523e3dcb84d4f57645062441ffb8b9

SHA1
aa8fd896bff7f3c136e2233b250c2ff8357fbb88

SHA256
9cd360c9c9fb783fa91e92b9b2bd6b3d40755b2995d0b417d33112b373695fa2

SHA512
0417638fb47faa294d1e4bd27fc71aa7cab26f1c76439953ec8f1ce2cf1d9d5c3ec80c18428b977439f1ee9e9e6cb5f9f6d6825554e45f9c833a0c34ddfe4134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c5e6e95177a1294b15a8c5f83af4795

SHA1
5e74c666260d97f37e5acec38073dbeb8a2a175e

SHA256
44442a9f5990608515fd0b9735857de23b06b6f26cf95f23d373a0924b8b74cf

SHA512
db00cead6c0ee26e86809b2814770fa1a3d95d1890cf7b18449f7e0d24f7e948995919021b545d101928d15b514d8dc1b78044482517695ae9a20196f7534908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc80fdc5d0061b50ad3f9e7a1f8ad88c

SHA1
81fe870df95994b89b474fae082b94b56d273bc9

SHA256
b82c39158aeb7e4e740a3f17ba648497f4b671e0ea6062752d7fbe355cdd5484

SHA512
6004ec3bc9fa973dc2c12a812466921412c744b333d8caf049d6c7e98acf51268de6cb18f1cd8f20f18e84a20e31d5c765d0c1aeb2c40494d6eb75ae2e8c8143

Download Submit