597e0206afd78277b86b3e87b797cace75e56cf106e406a8b73fd55104e16d9e

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 13:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1394e4602d5986ae05e8447c8cf48b70_JaffaCakes118.html
Size

139KB
MD5

1394e4602d5986ae05e8447c8cf48b70
SHA1

c054ff7b48baf604dbd6aaa4ab8d1f52ded6c03b
SHA256

597e0206afd78277b86b3e87b797cace75e56cf106e406a8b73fd55104e16d9e
SHA512

50db403a87f27064f80cc2cefa0f458a588a6fb3978cb00d80554ad46c127078f435dc9654842a738bb0ec1d79e584f0b950c50e1ba94d8846f30ae7f4d23408
SSDEEP

1536:Sq9hvgYmljxHyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:Sq3ExHyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
960	msedge.exe
960	msedge.exe
2308	msedge.exe
2308	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2888	2308	msedge.exe	82
PID 2308 wrote to memory of 2888	2308	msedge.exe	82
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 3388	2308	msedge.exe	83
PID 2308 wrote to memory of 960	2308	msedge.exe	84
PID 2308 wrote to memory of 960	2308	msedge.exe	84
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85
PID 2308 wrote to memory of 1304	2308	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1394e4602d5986ae05e8447c8cf48b70_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff51c846f8,0x7fff51c84708,0x7fff51c84718
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2914263883760252345,9625832981352630165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2914263883760252345,9625832981352630165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2914263883760252345,9625832981352630165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2914263883760252345,9625832981352630165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2914263883760252345,9625832981352630165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2914263883760252345,9625832981352630165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f88c1cd3f0a48c90478f3d41e0d7a43e

SHA1
8853dedd1da26f0ce76ee22c6ac44ffad2198452

SHA256
749a0bb6ba055a05af75257797d469deb90caad36ce00b697ad194141bdc26fe

SHA512
1ffc66e8e2c6bd7e56d5753862fb94649035848cd639b3f97be4e60c450d1952db60472586fde5072f51c01b997ff76442ea79df47e93cdbc29dc76ad719dd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26fadffc2bf10534c3ad1ce81cb3f862

SHA1
987f0c3af93f67ed6f6a4b4c85028070c3eb8457

SHA256
7e70676ab2d29c8d801b004a5a4184245de665ce165d49420c934e3c103ae184

SHA512
51359c741345bd7ad1ace46cb1ef83ee14c95c735db97ebb8fd264e275eba450c68433156564d5c35cdd479f35635ca22b99334d5466b73c467b80f1a5631cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9a73725ba00d2eee59349954803a2f1d

SHA1
42b3a047a20744406e201900831eb6d1db0eb704

SHA256
4f4769bd8bb087c0ba9300721b2c73de82bab3772435b71d12bd86d06c8af41b

SHA512
8ef222fb890108cded9d0171e52fdb5bb31788a781dfc039d3f9c3d2e25853ab90a8970897ff79e6866606a5271f99c23d3ea204a6f3c14b5212c9a9717a8914

Download Submit