788b033f4d8e891eb4e5731a4284a5bc3ba2d79a9e51aae5fc01f4595138dbf2

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b0a2731eef31ed0c6ab0b6c253a6fce_JaffaCakes118.html
Size

101KB
MD5

0b0a2731eef31ed0c6ab0b6c253a6fce
SHA1

3368c4437dabdb68bbda18568f5d9a0c8fc1458b
SHA256

788b033f4d8e891eb4e5731a4284a5bc3ba2d79a9e51aae5fc01f4595138dbf2
SHA512

352f61208d3f1104d2f9a670d3fb9e5b6b53c88eb073b4647d50535b3eb4e40e523f58c35343abff85c980e9b70036a6910347f1793ce1c7a59d5292ac369a8c
SSDEEP

3072:SfI3so9bz+wbPl9ILwbi69WhFkax0T/EVTHxEcaVTAF:S6RTAF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
384	msedge.exe
384	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 1712	384	msedge.exe	81
PID 384 wrote to memory of 1712	384	msedge.exe	81
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 1112	384	msedge.exe	82
PID 384 wrote to memory of 2340	384	msedge.exe	83
PID 384 wrote to memory of 2340	384	msedge.exe	83
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84
PID 384 wrote to memory of 2108	384	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0b0a2731eef31ed0c6ab0b6c253a6fce_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd65d46f8,0x7ffbd65d4708,0x7ffbd65d4718
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8148291120148968982,4042854599090229384,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8148291120148968982,4042854599090229384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8148291120148968982,4042854599090229384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8148291120148968982,4042854599090229384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8148291120148968982,4042854599090229384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8148291120148968982,4042854599090229384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8148291120148968982,4042854599090229384,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea5ddd563c0147282c011c1a73f796ba

SHA1
c81be827647ea491e7b50d049681dd3ff9c38882

SHA256
2b029c10d78bee981bdd2fe881ba631f4d6cf129af52b0dc633e6eba58f40299

SHA512
eef90fa213fa48ecd9721b9c09b332926a74eef0382df5430a77455b399b31b736bf4f06977458d5bc05af07e7f55214eca3f8068bfadeb06e642274678a5eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e495d9cd6adbc8d8400f7029af6cc98d

SHA1
3ec0cfc5696916ba8070d1b91d12db4d1143b5d4

SHA256
adbfeceecf55128360b7bf770f073c239329f79be8e70962e5a8da5ca8080074

SHA512
6859fc756a4bb2e0332550136e26e9fbe866b069c10b31b77a9467e2fb700a155449e2ac1f69851c8dd56e9b49b88725331a5cc03be8c5f1e631d4f3d3fcb00a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\dc3ed929-75d4-410e-9090-0c1f96ac6f57.tmp

Filesize
10KB

MD5
80697544f61415ba08a7ec73eb46a52c

SHA1
746c091c02ee89463de3b02ab16bfcfec75a1ca7

SHA256
66c72eaf3192483add722399ec9aa145a56d977332743fdab6b44cef3b8859d5

SHA512
06c406f71368f01eeae5c28088252e3ef3fbe1bba011c701b5ce879c2125737d5bc33ec0cb93880e7c2b23e0cf318bd21a8f91491fa36d62031955489b19dcc3

Download Submit