c90b124f4428d6a6964f4bb6638c1f99383be6310a87bc5a3da49890e1431982

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fc313a8debf96382fe5a205fd15a562_JaffaCakes118.html
Size

53KB
MD5

6fc313a8debf96382fe5a205fd15a562
SHA1

4488cf510904b8664b3d8d934be34c4fb2038ba2
SHA256

c90b124f4428d6a6964f4bb6638c1f99383be6310a87bc5a3da49890e1431982
SHA512

a6e87a8777ec457181ce4d698d90c42a06ff5faead13f1fad74e5926dd5ef1fdf77d29cbb74d74d366ec774389ca9ecd70731de5d8817e23d7236a1c5c4bd78f
SSDEEP

1536:CkgUiIakTqGivi+PyU6runlY263Nj+q5VyvR0w2AzTICbbIoH/t9M/dNwIUTDmDI:CkgUiIakTqGivi+PyU6runlY263Nj+qW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
5040	msedge.exe
5040	msedge.exe
4844	identity_helper.exe
4844	identity_helper.exe
5452	msedge.exe
5452	msedge.exe
5452	msedge.exe
5452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 644	5040	msedge.exe	84
PID 5040 wrote to memory of 644	5040	msedge.exe	84
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 1804	5040	msedge.exe	85
PID 5040 wrote to memory of 4876	5040	msedge.exe	86
PID 5040 wrote to memory of 4876	5040	msedge.exe	86
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87
PID 5040 wrote to memory of 4672	5040	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6fc313a8debf96382fe5a205fd15a562_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbc3746f8,0x7ffcbc374708,0x7ffcbc374718
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,14862577577106938144,13381457595167702926,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2480 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
403B

MD5
8b7ba0ed44f583fe36b6eaae423d13cd

SHA1
d8e7100834e7ba2dbaedbfd1c9abd801e8e5d37b

SHA256
ab561be8c2ec7c693acc58a119c70561a0249537d026b39db7818ec0597dcf67

SHA512
9b927f0cf24f840c50a4669a0b3de67f658a4779af18735488dce579824ad697be3f052f3c13ba080da30aa2eb03a12f9c7cee5ed5e1d2becfb55c56ea980c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4383e24ec7cf07a7b66067300181d75e

SHA1
d7bdd3eb9d1b7a21533f39aad5407f637382be34

SHA256
b854f9bf781719fc637726b90e4b2c31efee137fbaf0027fc803c34c72fc7e67

SHA512
07407afa865f2b6521dc958dc66cfe0290ccc9595a44dae8de72204379646602099da8b83d5b511c03f71fb76cc29fa3b3409144f7a3527c8c85cf979294cd11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f8c1868017282fab22de647614c5ff9

SHA1
1c384ce3e76a8fd85a54a9f2b9fba91627fc473f

SHA256
49beebb1c3f8b10fec5465ddd995e776987b7eabab05d062fdb69601b07c1362

SHA512
ba22069884ef5e10c1cfa5bb9f7e318abb7976e5b19e035750258a0599fbf1ae44f2c89d5303ae96933d601d84233fe66f9a30374938632ba8c711c2e2a4c5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e47f02821d6c46c2004cf8dfa2f4ffd5

SHA1
5baeb042cd76607ab33c1e97d556eb179ad396b8

SHA256
891f520b3711055878f5aacc5565d5352c54e133949c1979df854bd4ff595f91

SHA512
6282eb4f28afea9179d38a10a235b51bd99064279ee552ee08fa5daa5bae894c233a58010a712fe4d546c75529e1a1a3fc747a6f338e74f81d59259d6068e864

Download Submit