2d48183817ff4bbdad60d495d570baaea657e6ecc6dcb84b13169e3df9fcfee0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

082bc2d84c42d0d4724a67f15d21548f_JaffaCakes118.html
Size

139KB
MD5

082bc2d84c42d0d4724a67f15d21548f
SHA1

6f9e98c6df303fcd2406afbe91539e3a190147ac
SHA256

2d48183817ff4bbdad60d495d570baaea657e6ecc6dcb84b13169e3df9fcfee0
SHA512

e846aeee9465f9ea225fd8214365d6e1af8434ab9fdae5e6b1de16b2e072d796384b6076eb09dad9c976620c6cd487e3b3886f2387d318baf055aba2e367c7c3
SSDEEP

1536:SUz1Y2slZ/6yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:SU26yfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
1308	msedge.exe
1308	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1636	1308	msedge.exe	82
PID 1308 wrote to memory of 1636	1308	msedge.exe	82
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 4020	1308	msedge.exe	83
PID 1308 wrote to memory of 868	1308	msedge.exe	84
PID 1308 wrote to memory of 868	1308	msedge.exe	84
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85
PID 1308 wrote to memory of 2168	1308	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\082bc2d84c42d0d4724a67f15d21548f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd62ac46f8,0x7ffd62ac4708,0x7ffd62ac4718
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8932423272537685281,13262386301196464795,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,8932423272537685281,13262386301196464795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,8932423272537685281,13262386301196464795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8932423272537685281,13262386301196464795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8932423272537685281,13262386301196464795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8932423272537685281,13262386301196464795,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05e66f00f3eaf50fcadb936e0e1ca0cf

SHA1
7ee4cae824f785bedc77337046408406b14e288c

SHA256
f97534a946422b53c6bc8324b39fa6e5596deb97ada9197d0c7251e64d97ff43

SHA512
c428ec601288d4c0709c51dd71f1015ebc3eb7512f866f94010acac16cabaa071a56878c608f03e34fba6d6aa3c6934d4311a38486ee15ea47eb1753dc1df828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a9f08d952af879d0c81b391180d6cc0

SHA1
4e5d3ce0286bc0aa09636ce14f5cd3741aa25705

SHA256
55d06c232c99a2863d47c159556cf24af6f06088e41081373cd34ff98224d820

SHA512
81f5b0cf1888c9163b5944e980f7c062efb7962c45146eeb24a58f02cd18a8e2e9539e0b247e0567ceb0c3a9496200a3508def12ce44fe3f9ce1d38e6069c813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4c945e0bdea07bba00a682a7e1b0f04

SHA1
8226df28fab26a39741ea55c182dedb5ecb0bb5a

SHA256
7648469209e191b0ba33b215cec8c7c5f04385b8215f06675d80bc0136381974

SHA512
d9fa2c20d375d78551765d193c9fc9de74d7417d909b57f6485c22e322af945b2f2721acd38c9cf3a8e35e331897e3d754c611a4c6d390163350f6a0653522ec

Download Submit