114f6085270e3f30c15bbbfd021ad1e74d695d04c27dd41bab2f805469b726c7

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bf2f2894c1f623d4a19f99c3371d837_JaffaCakes118.html
Size

214KB
MD5

0bf2f2894c1f623d4a19f99c3371d837
SHA1

47c979f3e823ac866c2eb6705b5c5dd4ee3019ef
SHA256

114f6085270e3f30c15bbbfd021ad1e74d695d04c27dd41bab2f805469b726c7
SHA512

0afaf944dade861f275a50f50482ed57d1dd4e6a3c0c8e01295c7f3636627a11a3bf72ca35aa5b2fe6429b07ea64c92977545d9822ef0b95eeabb911b0c9081d
SSDEEP

3072:frhB9CyHxX7Be7iAvtLPbAwuBNKifXTJb:zz9VxLY7iAVLTBQJlb

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1548	msedge.exe
1548	msedge.exe
2924	msedge.exe
2924	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2356	2924	msedge.exe	82
PID 2924 wrote to memory of 2356	2924	msedge.exe	82
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 5016	2924	msedge.exe	83
PID 2924 wrote to memory of 1548	2924	msedge.exe	84
PID 2924 wrote to memory of 1548	2924	msedge.exe	84
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85
PID 2924 wrote to memory of 2712	2924	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0bf2f2894c1f623d4a19f99c3371d837_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffa1f1946f8,0x7ffa1f194708,0x7ffa1f194718
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2657453125506037096,1848349076427587475,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2657453125506037096,1848349076427587475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2657453125506037096,1848349076427587475,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2657453125506037096,1848349076427587475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2657453125506037096,1848349076427587475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2657453125506037096,1848349076427587475,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f27ad94380903c97b3684da87e3f9248

SHA1
e916fa88f589c0452a8b6639df151e9a8610d729

SHA256
90b03ca144587f599804443bbbba4007b678471e5ae2f126176cdffa02a4a979

SHA512
3bd035273ad5c604707b29e1b7f8d52a00fc9f5aa497ea863731a787d61c200c8f3beee37d984d05d6f0d8f02f215048f5964bf2395e59a0fe5c6a2259e32716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9674f6d7b9c9782122880a5e05b82ae4

SHA1
f13cdfd4bf59e79fe4e73bf6c0d11e1983ba8cc0

SHA256
816339a7896dc20e93834c67320af57aa8b13f8b78acec91a8bf66dc86379fd2

SHA512
64a53c7faf7c5b356dfd6e46e44e0f69aa7c456cfb90f25110d02e25fdd5255cc819bd4d1c0117ee876e1ddb1a7a394ed081572c2d13ff2b4ddc30f2f346266a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1365b58b51039ce6b5200050a1078d78

SHA1
73ccfc360c8e8f56b3c863de9819ca2ddc9b38a3

SHA256
116940ecb091e7a3802b0fece333d9d08a08308430a86b01c9039d8734327193

SHA512
f24770962c84a93a56abf19627d9301f31a431bd2aa466f3420dc627ab8684a9f0504a526042984293bf0d54a610f7d22d30e5c4438a011cd991e75992bad3bc

Download Submit