f7fd1c80ac9d68051e47e4ac7ed74a3436afb1349cc70960a9458a7de097199e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f08926e12bec0f9dea6028592c281819_JaffaCakes118.html
Size

138KB
MD5

f08926e12bec0f9dea6028592c281819
SHA1

ac6077febc77891b67059c4ff723cd70a8091a9f
SHA256

f7fd1c80ac9d68051e47e4ac7ed74a3436afb1349cc70960a9458a7de097199e
SHA512

c48aaf8fd3cbe06faab3240bfcb53629f77a67cdf72d6f69b968d1e4f3404bbc6018a75a57b74c9f3ae5e3c388881ce6613b7138ea5f5d6efbaa0a150001dd72
SSDEEP

1536:SSzZ8pDW2lDt8EyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SSSDPLyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
1932	msedge.exe
1932	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 5068	1932	msedge.exe	82
PID 1932 wrote to memory of 5068	1932	msedge.exe	82
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 3444	1932	msedge.exe	83
PID 1932 wrote to memory of 4560	1932	msedge.exe	84
PID 1932 wrote to memory of 4560	1932	msedge.exe	84
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85
PID 1932 wrote to memory of 4892	1932	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f08926e12bec0f9dea6028592c281819_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff379446f8,0x7fff37944708,0x7fff37944718
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10328495093854083256,16944921464834986734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10328495093854083256,16944921464834986734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10328495093854083256,16944921464834986734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10328495093854083256,16944921464834986734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10328495093854083256,16944921464834986734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10328495093854083256,16944921464834986734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb7ff71c3243ae49d22185a76405de87

SHA1
57a6e52643feb6325c9e6fff600434b2c5657c8f

SHA256
0c2b2fa9d19e6dc5c9dfc456c3574cc570043413c8718d8cd65b9aa82c34cf3c

SHA512
58507e9f9b190de059d77b5b7bbe516d04ce95cdc356b6b17a765b0a440187e661b2f10a030906e2eed413c73d5f18fbd62c290c59bdd01ae7035355c94a5d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9129a5155719d5f183c7e8a83f0539a

SHA1
6bcf4cc14f3e5b1a0d47da8de8079d5fd3b4e38a

SHA256
5ce9276a40cebf3931193c9e209df91066dc346a71c18805cb47e9970ec0c8c6

SHA512
f36f3798e720e9bbdbf21c9aed5c7dd4e7f9c8d368bd3f1c37133818bab003f8e04485ea999576d9591b0ceb4bcc3a13b1735e965194007f445fcfe4b5066baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6a176b9c6518c5efab719bb905e81990

SHA1
9cd907fcd491784c715782e5507f9ac3b1db21bc

SHA256
eaefdb7d2574a8331f5b077e5a9a9b001fd606cb04fa1b5853336a7d0fa0d65b

SHA512
f9a54d8d1906a9e80176a72817842b01b1600504c28fb436278cb63fb6e8b1e63b003213b9072df0f9c6a965c904aa76359913a7fda5902a268a98d19090290e

Download Submit