772bd53fb82db88d99f77c9f176c8ae624ac864bf9beeb3c4d92fc00850e6c0c

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 16:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d2620ea55cb8c47d421b3d7579e26445_JaffaCakes118.html
Size

83KB
MD5

d2620ea55cb8c47d421b3d7579e26445
SHA1

f1ed25650b4aacde5ce84a4bb6bef964b63d0743
SHA256

772bd53fb82db88d99f77c9f176c8ae624ac864bf9beeb3c4d92fc00850e6c0c
SHA512

92f49445d6da7c07b98e6eb5eb0f8e73243f93cd8416b48b64b41068d02bc136ebc0addac0ad944bdc91169548a86a09b2e3e89dd51e5e0aa238f93b86672e5a
SSDEEP

768:lKZKtKDgCv47L89j5mQtrdt3EyhqriNk5NVOmxI/QYi1qU1T6tD34uIvVTaVlkfy:l0mgjEbLEhb

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
5076	msedge.exe
5076	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 468	5076	msedge.exe	83
PID 5076 wrote to memory of 468	5076	msedge.exe	83
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 5036	5076	msedge.exe	84
PID 5076 wrote to memory of 4844	5076	msedge.exe	85
PID 5076 wrote to memory of 4844	5076	msedge.exe	85
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86
PID 5076 wrote to memory of 4764	5076	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d2620ea55cb8c47d421b3d7579e26445_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffdbf0b46f8,0x7ffdbf0b4708,0x7ffdbf0b4718
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,16855618587819485561,17183660182530105318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,16855618587819485561,17183660182530105318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,16855618587819485561,17183660182530105318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16855618587819485561,17183660182530105318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16855618587819485561,17183660182530105318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,16855618587819485561,17183660182530105318,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3323dd25-70d4-43ec-837d-f74cc068c85d.tmp

Filesize
6KB

MD5
418fbcc16b835d5fd246a6d424a67d15

SHA1
293eec9a9aee2621d77797ac6fd5f570ad07d0af

SHA256
1502b6823ad1cbeedb15650b88ff5fa23edf6fb761fb6a6623364258f9bcdd52

SHA512
2d568488dbec947663eced025e15a992afb326887defe7c5fde7ef54d7d4a1ab4d6715cf0758fc5a0a433b613b36e56c133cb46dab665382cc3e8e6d436532a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
472B

MD5
76914a9e4cdc3e3e7f6dcbcea330fc6f

SHA1
47258dfd6f8f9bcb5f6151d0b88e82f8ec347340

SHA256
c7c6d744183d31035433fa4f9b28e3d4aef6feaed97aea3b820829091ccaad60

SHA512
9063c2ac4ca10c714a68e730eb5a5d3d4b697a9c57ae9f76808a6cab2a1cb150d37050e55f7a20aed4249282bcd5c8e8d81ca5cc19fd93bf4892d220bcb7fce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ffe18fbde2a14fa485d9b73a490d519a

SHA1
c954be3dc2ebf33b8f284d49d50bb20e98744873

SHA256
2e2e164e862d944fac460b71a4e2e9e66cbb080cea376c037ca5aadcf755a0fc

SHA512
da7cc0bfe752aac746812339058092e2ec30d8f2ff5b05124ce698a14f63838ac3be2283549df26c7539f22120f891e0abcf832783f10018a41adaca81ae5c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a832c09d67b56a7a11a7a629ad1bce1

SHA1
0d6c5d27b07c001133a7fe91357bdb4f9a8f33b7

SHA256
4f0cc165b8d17144e71959d993b5e1615c0ba1a361fb5eee7fc29ffb42f38466

SHA512
3b3f2fd92908a252e0e808e088c8a72d86b6332e0b1fb6b60270618b0eb18531e772a6300353e0430a0b180664726a19aba8ea326bb45ef005513d4d79d5930e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5809de.TMP

Filesize
204B

MD5
1be14aba57e2e1dd0cc814d75134e9ce

SHA1
df89991d524e60fc2fe2f458286984d27f4e28d6

SHA256
3cec365c19624545b43acc53af7ea8adeffc4ec41404d6a90df251ef6e836cce

SHA512
491f94c09e927c6b686914ee97290e4c8aaead9523f3d65fc5fe4743a5ff72f6107a72d1d924b57c045d166d7abae1aa9291f158d065b621743648584071c428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b928a591-04e4-47c1-a4aa-4d836d9534a3.tmp

Filesize
204B

MD5
dd89b7901c81bf29d24c00e4bd65fcd2

SHA1
370fa4d3eb595af064dcf7d7dd908744e5534b0a

SHA256
01dc33054b164580a44e3e2ca669dcc9fe9aedcc002a5dd4641b40843e38d920

SHA512
b88085de430f070f9aee539831cdda6b86d7d6d2e938e9542901c6f66256ee01a783463c477289b137b666b229818ec6cb9045a7f3ec58e526442e74279f1f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3abe7861a57d18b3e1a683721ec5bc8a

SHA1
d51b2e5cc540a6915a22e9d60ca635591cb3d5c6

SHA256
163c3cfbd2349d09197a295617b21030ba0106968eee9b6f973dfd87b38cd526

SHA512
9729cf9e36ac60a221d0658bf33c6eddc37a5945521861cf38037efc5939a1c976c5bbb4060bc8871a51a5e59aa675d6ef7b1ed26d9e33eacda44e89d6e8210e

Download Submit