2749438fdfa1d7cc301c5156a783c0e5b44f9eff14f40c7d1d70505a45037a6c

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 08:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3fd85b53d1c6cb33ac7ba0675668642_JaffaCakes118.html
Size

383KB
MD5

d3fd85b53d1c6cb33ac7ba0675668642
SHA1

1548d0f43ec510be2e501b0c3d292f434a217c66
SHA256

2749438fdfa1d7cc301c5156a783c0e5b44f9eff14f40c7d1d70505a45037a6c
SHA512

01f739eca24efc9b57ac2043f832776df24a2a894014e585490d7f3a4036402a558c6a8891c661ee310a5159edeba6ae7b2a06265f54371104bf3905d908c26f
SSDEEP

6144:jmPlJTKJJzaQ3JYmMFSDlY3Q4Wp29xix8WLXaCy3DCSTooI6xDSwxDu4Ha6bDXRy:C9caYXZ4Wp29xixbXaCy3DCSToojDxD4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
208	msedge.exe
208	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 4424	208	msedge.exe	83
PID 208 wrote to memory of 4424	208	msedge.exe	83
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 3060	208	msedge.exe	84
PID 208 wrote to memory of 2584	208	msedge.exe	85
PID 208 wrote to memory of 2584	208	msedge.exe	85
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86
PID 208 wrote to memory of 1072	208	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d3fd85b53d1c6cb33ac7ba0675668642_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2e9046f8,0x7ffa2e904708,0x7ffa2e904718
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f18e6b8c4d5e34617cececec16f1a309

SHA1
5cc4cd065b6a136cab2071376d3904f77a8deeb7

SHA256
0cb658c967b449775615e6f3fc8e250b017a3f61093dbf07d5ad105a1e5e2611

SHA512
3149c5ae0a9820061eb25347d29a20ddac529c16a00f9706f152290928685ebac7977785e030898f98e5d76b963d44a6e4c4eac99f249824ebc42aff75d4680b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff11b98f09d74f9b43be13ee7225ea35

SHA1
bf74dabaa2f5d7f313d101e0a7f5949716f99628

SHA256
b72fc95a22f3d3a780d858384fe1c9754a4b30d754e37e5750971594966940ba

SHA512
af8602165598892b9ffe4409ca500df497d7a1205c73c42fe4c52b85586c85a055674304e9ec9a3bb6ec0b57040f523058a2a499c53fff2de6209ccea439da09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e057065d1bf7b54c8822771379bda691

SHA1
7bd5e38ec5129d6ebc425eca29c7d98181be89c6

SHA256
ae81aaf56da4adfe849743d0459c4d3a639dfff0144712ac36cf9944db265320

SHA512
39a4979cca66a87851c4ecbb93bc64c5fabf0c6cc7d9a072170272b1f7541c9f7f38c0b81634342362e22dc2d907d15abc638714fde06bb3047766dd72813ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cf5d68d4831edeee89f194d5f834b661

SHA1
c79af97ab2be80c5e995745327ac290db02fe8f6

SHA256
2bc0ba03479b82ed9e73b8a828b66361a39c0d78e7b0cf9bcac555ecb09d5fe7

SHA512
d5f398ef124f5e96b298b4f4647f9e9db812fdded08bbcfbd41a26d607980893f110179c621e9518592e8f593aefabb556c9cc839d4ff349d753ecfaec339aa7

Download Submit