4518b8f7727c7e9e45976447b0bef40ce211054124914ca7133c766ee44b7255

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 03:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d363f913cb1e86c105d792a490757668_JaffaCakes118.html
Size

89KB
MD5

d363f913cb1e86c105d792a490757668
SHA1

e4caa9db0ea576ab8d71a8cecba51fdfa6e579a1
SHA256

4518b8f7727c7e9e45976447b0bef40ce211054124914ca7133c766ee44b7255
SHA512

0a42aa6a5fa3a7857c226fe70838449ed7658c011d25e95ed70e45a6c48e6e5ecf5fc5718f35f87a91484a5f6239b857cdfdf40ae1351eb09fb7a50dcee8e9d0
SSDEEP

1536:XD6ICgoOseT3fREB+JmpeuVN3745UXV6XWGQZAW+ewCpMbO6NtbxEDvfbiO94VlX:z6I/oOsG3feB+JmpeuVN3745UXV6XWGh

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
3472	msedge.exe
3472	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 560	3472	msedge.exe	83
PID 3472 wrote to memory of 560	3472	msedge.exe	83
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 1940	3472	msedge.exe	84
PID 3472 wrote to memory of 2776	3472	msedge.exe	85
PID 3472 wrote to memory of 2776	3472	msedge.exe	85
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86
PID 3472 wrote to memory of 3940	3472	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d363f913cb1e86c105d792a490757668_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9f5746f8,0x7ffc9f574708,0x7ffc9f574718
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,6956646759475814750,12748330217293365400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,6956646759475814750,12748330217293365400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,6956646759475814750,12748330217293365400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6956646759475814750,12748330217293365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6956646759475814750,12748330217293365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6956646759475814750,12748330217293365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,6956646759475814750,12748330217293365400,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d11b65c6d0fbc2c2917e92f2ffd7726b

SHA1
2568b0f5e548668eb38b38630d5f02670e73d7f5

SHA256
ac4d8658695e635401ab2432d884f297d513001f80f4134f220a8eaa4702328d

SHA512
62abcf0627c093094ed69e93fb02f4a79873e6ba646d59e842d08f9e0d05d3a7dc69669e495892339b65440db334f2e1ce12c8f54da9bf5476297bb56f80d60c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2e7aee94c765a1e37664ae2b50f6c820

SHA1
234c55ca4ed87f1a2e26730335386c01dce8bdb4

SHA256
1fd6592728720a366afeca0bfd881c7c1f45bd5df92b2783001f7eb49e0895f7

SHA512
3149a449e3567d13b10d2deaea66edab1be56e3e0c892bd4ae3beafe9bc8af912b3eb7ab6b0ed0641239f0ca362a841e5e8931a32550291026f7a79c5e8800a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f6ccb95d2a3b346c00e061fd030a448

SHA1
6f80f88bed3e8463b396915102d5fd99febb3e4a

SHA256
ab41a094531e381d2ec3eb009af84286ca0aa8c798ee43687c9bf8eb104e5425

SHA512
6677662c6208a64f34dc6e54c3bb241e94281d5a284bc6c993d989ae6b8547ea4bba5bd430fc2e69833b6a9fcd673eb3c1dcc63cbdf6dbe2a9b626ba53b87f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c30ce0a78e4919eb2c3a4e7f6be2ab1c

SHA1
a9fd007b33628254575e1d3e7be550442b90f5ec

SHA256
bb730a5894862cfbe0de757b1ebaaf00b2e33d19f8defec7e58bd4e8332f2cb6

SHA512
bd867b2d6792ec011efea2833a7e200bd7827967ce38da23fc8cb7157312b1bcb1f3ce3298b386c6cf76af7d9e82f7f018d061a32403dcd22f621441d3b71d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d412c9a7cc7b4cef387206cb120373ea

SHA1
f849c827128bbb3b9e6c0cac58c9a73580b654de

SHA256
72acffaa9a756fe9b1dfc0732f03ff9dc354c47e67266ffa10321b4b3ae67c32

SHA512
8576797a9ab83ee6d5cb925115c9391778a11e1ce0eb8bcb195edb93f6f9aab3cb278ce6ea9a727ffaf0b28f9d1b02932e53d6b508daffe3aed161316e065249

Download Submit