b4031fbef77e4d94a0a3a8656b50bee571c38542ccab9b166e85331d25eb9652

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 10:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12f38f2971a7dee13f9edc53d89ca1ce_JaffaCakes118.html
Size

138KB
MD5

12f38f2971a7dee13f9edc53d89ca1ce
SHA1

92937c0961992c6b17be68c8b00e4511230aab1f
SHA256

b4031fbef77e4d94a0a3a8656b50bee571c38542ccab9b166e85331d25eb9652
SHA512

388e3323fc15e10a7126f07966ae7455a9c9f49b4be8107fb17b5d1c4effc3ef5f63ce232e152f1394e898bc012b4d487b5ead46245a8e09cb756419b85f17c5
SSDEEP

1536:SGDTsQ5lmOyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:SGPyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2520	msedge.exe
2520	msedge.exe
436	msedge.exe
436	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
436	msedge.exe
436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 956	436	msedge.exe	82
PID 436 wrote to memory of 956	436	msedge.exe	82
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 1808	436	msedge.exe	83
PID 436 wrote to memory of 2520	436	msedge.exe	84
PID 436 wrote to memory of 2520	436	msedge.exe	84
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85
PID 436 wrote to memory of 324	436	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\12f38f2971a7dee13f9edc53d89ca1ce_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdef0446f8,0x7ffdef044708,0x7ffdef044718
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15118719145568868808,8200615627040395847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15118719145568868808,8200615627040395847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15118719145568868808,8200615627040395847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15118719145568868808,8200615627040395847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15118719145568868808,8200615627040395847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15118719145568868808,8200615627040395847,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
78ea5ffca6d8eba6cd1132bef2c8bc3a

SHA1
f7b3f532996acb8fcfdb78e49151adc0aa31f4f1

SHA256
52535145026eddc7bed11266c7904114c2f4b471ea79b9db94b0e27b05583ebf

SHA512
77d6de8da7e68e4fd2aa89bd907019d4f4d5f543b8e994b4ce70128a82c8914bf8c6cdf4213504b191c9e9be0b35ffb5902e2867f967948ae12107e6bed13cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
159a77e907dbbb0cae0de1ea70ade73c

SHA1
78721738bf66dda15e845568b21330b27023d8e1

SHA256
81d4a74b3aa41bfc9ec5e87eced6cc4cdf43c3a384e6ad22b0966cc808d7530b

SHA512
7ab573a085774ce79f35a9368253c4a9d95b80bfcc81c7b819bc27628743cdffda047f0b8e972d56715e443bb0b466fca71995b327fe74ea240007d6e6ac972c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
412557e0ba600b6900041c551c7c54fb

SHA1
8d47e5626c661c5d945dc28fc8db725d23baf83f

SHA256
ad7bd6d761b47e4026d03e81b7b9df641b61e8b16b8c363e24e2663771b3b972

SHA512
ec01cc72b9fa9c3a762aaeab445ca73d46a3d980fedfe9722bbe69409f912a1fe73be3bb28af4e4dc6fb4b0b490834a3c4921c68d28a580e6e63e188f0523ad9

Download Submit