8280b5899dcebc366bbe1a08d9780cb168c2e07316f4650d6653ffb1c34b85f4

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 21:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0364c25dfab26ff9406cec68771d6b61_JaffaCakes118.html
Size

139KB
MD5

0364c25dfab26ff9406cec68771d6b61
SHA1

72662c2448299cee2103afb280739e76017c12d0
SHA256

8280b5899dcebc366bbe1a08d9780cb168c2e07316f4650d6653ffb1c34b85f4
SHA512

820fc42f165913ecaa10b2028f3ec1773a1c630c33bb7e4dd448dc9b97c9003023770e7cb3049594a3089d64585c1b23a236c29da5d7dda24898de6c079c30b4
SSDEEP

1536:SEwvCE4o2UClweyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SEwPaUfeyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3472	msedge.exe
3472	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 2852	3472	msedge.exe	82
PID 3472 wrote to memory of 2852	3472	msedge.exe	82
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 4320	3472	msedge.exe	83
PID 3472 wrote to memory of 3264	3472	msedge.exe	84
PID 3472 wrote to memory of 3264	3472	msedge.exe	84
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85
PID 3472 wrote to memory of 3484	3472	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0364c25dfab26ff9406cec68771d6b61_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6719855532930507274,12212328248646560720,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6719855532930507274,12212328248646560720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6719855532930507274,12212328248646560720,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6719855532930507274,12212328248646560720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6719855532930507274,12212328248646560720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6719855532930507274,12212328248646560720,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
2c38450db70118823085c11991c53927

SHA1
587fd73744adff16be0007535f1be5092e273d13

SHA256
7ac7141873eb58da23b6d92907f5ecf94c8db2554a575cd82eeb30b58a155b39

SHA512
21b5fe037ec524701623f60e8324c830fb93f99b031c54aa193ae03318d883548705d25d317e0c30bcc10744921093d68c6fec1912ddc8e31cf013b8db30b73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6c5e3ba19242a8831f02af6846e9277

SHA1
4055ecb8798891f080c0952b8b3a4d9f091cc439

SHA256
83f59ceb7a0c16d1fbe33549146f37997c5809e382fdbd4c28a8afee55bede90

SHA512
0761325f09b910a183d54ebb3427ed34a2214628c383da31a33563bf142b89c9639c4b73af7de3603775b3d3a14c34451298baef5e360900ccb2f154361075bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
082b33e62d6cfe0d26eeb7d98e9668d0

SHA1
13a2bc7241abe204452d958a764a40922352a06d

SHA256
ca9dece1c75936aa6345c69e24b8d8d148b170f6e00c2a9894620e0e840faa21

SHA512
a35401fadab2db457c0ae3163e98231b1bf94fcf4249dcf1f9aecca7f0f46a1c7a7d4fa5fee84edeaf7bf9ce91cafe740a3006998ab62bca7b6c3eb4d344ba26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c75c72702164d37cbf006a10e0f99420

SHA1
485d2d4dc190e7442b2045b2b13fb3328af3d4eb

SHA256
272f6924156c06706dc9a786a23fa78b2b6723da10e3b1349aa4b1e58881e720

SHA512
7e92e271d18676625e5c0bb8aa2f0da0c35407b2f746eba6c46e400af1d88c93cbaca1572d2897ee1371791c137116b925d5dc51ec29fc40c8e45a78ccb917e0

Download Submit