484fe769999855b466325078fed1e7aea520a6e613f65ca25fa33bb58df8b8fd

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71086845412d7395fe653bf919b91381_JaffaCakes118.html
Size

30KB
MD5

71086845412d7395fe653bf919b91381
SHA1

b141b51e1ff97ed2590666927d420617a55daf59
SHA256

484fe769999855b466325078fed1e7aea520a6e613f65ca25fa33bb58df8b8fd
SHA512

f9dc5b0414c12fc85315bbd71f1426ace1a68440b51e7e66e3b34d39b7b85acf6656e381e53d13ad5852c12f14cd431ecb6ca6fa120daf7fe537da047d6d1055
SSDEEP

768:SbSbFGvb7Y5ubDsDkAJ2dDFiN1YwJot8Lt/pZPk:SbhQ5usDk5jm1f/fM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2820	msedge.exe
2820	msedge.exe
624	identity_helper.exe
624	identity_helper.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2648	2820	msedge.exe	84
PID 2820 wrote to memory of 2648	2820	msedge.exe	84
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 1412	2820	msedge.exe	85
PID 2820 wrote to memory of 2236	2820	msedge.exe	86
PID 2820 wrote to memory of 2236	2820	msedge.exe	86
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87
PID 2820 wrote to memory of 4168	2820	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\71086845412d7395fe653bf919b91381_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa515b46f8,0x7ffa515b4708,0x7ffa515b4718
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,966412206654550514,11622553543272799575,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
de8c81fed615e5ca2fda8b8a5766ef20

SHA1
404f8c3e7b591f727e2bd20c21e96b977f7aa064

SHA256
b6596916ef931c2e7697a166bdfa2fba1e421c6cfd6b25dd4a8fe6112ce1458b

SHA512
dcd98555b91b7d8ca70a442f48a5d5b822fd9164633281c53e0dea33c72d8cda9105ba5db62975fa1019509369eda107b689e9e854c8880a795bd42ea6de8057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20b89fdd038181966d81950cfb439b90

SHA1
f2a9fd17ffa1381051c45002b943728e0191cd44

SHA256
1d9fdb9fb480f32b25316005bbab1ba56b17a60c13bfee36fb07cf29a0e62695

SHA512
ce4bedfad2114e5601772f5b138aef51f7b1e43d4fd6a20d52e126bf6cdead78e26269494d26539f0bd46549fc85a6cb4713546b9422e5387a33c047656c261c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af645ffe1ad269ee8e77466c691c76ea

SHA1
3b45406c3841cba92d88343eac06ca33f4a7ef62

SHA256
7b7c39e58fbb8a3a0947f2bccf5ef40548b419f6c16d40d80c8082017970874d

SHA512
19388e68e01117e5a3b5dfde9b3ad39ec4f87c821493a2b31d01f0fe88189285466e3889af9b1ec7806b965771e7d748ac123ffbe3adcf5b6bc6bba55349dfc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac83439706dfc9d5aeae7a098b098c3c

SHA1
272f48b3b7a36900558c5fb50b161556ba86f48d

SHA256
688097dea16a40422aa24480c1189d02a3fbf4f60c015a9066cbb6807876f718

SHA512
d8aa29e03d33466b695f57b4af75830c15f34b06f1bdf1773245ae1f5e3fadd3790a87effa9a7c82fc60d731befb899442a78e5ba523cfb2886fd4cb697b3045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c6a833821d8755e1dcda2cc371e7decf

SHA1
b54925593a7dd9eb4019609002517494d9dfae61

SHA256
fcd3e1bb9c1c95aea061e9558ab3ec7fdc0e6cb4b75a85cd8ced149a54688e34

SHA512
213e6afb84a7975e82f7321e1367f2b661680a16b9c5799169ae6d9782fbbb1dec6ffebdbf33810a40150564b5851761c4292e63baf8ca2f7bf5fdee077725fe

Download Submit