cb11b5ab264666a58f412855036b281628b79db59f6ce507bbc40d20e827a0dd

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 06:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

72e3125a367be64c74bca4ebbebeab4d_JaffaCakes118.html
Size

118KB
MD5

72e3125a367be64c74bca4ebbebeab4d
SHA1

27635d99842b09ecb7fb59880a86a12f58f6bebf
SHA256

cb11b5ab264666a58f412855036b281628b79db59f6ce507bbc40d20e827a0dd
SHA512

18de919e5abae49143192279eb6a35a6021b8eb7ac670fbb931cc232c2d58b22187d891640615cbf216ef3c72f9c7dfdace447b49a1d5c8066bdbb3440de26b2
SSDEEP

3072:rt7tRtKEpvOo1Uye/9Xc6Kz6IeFV8PHvSjbDnUpxnRJLPoq1B:rNHUEpv7o9XNKz6IyEvSW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
1032	msedge.exe
1032	msedge.exe
1684	identity_helper.exe
1684	identity_helper.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2428	1032	msedge.exe	84
PID 1032 wrote to memory of 2428	1032	msedge.exe	84
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 5004	1032	msedge.exe	85
PID 1032 wrote to memory of 2480	1032	msedge.exe	86
PID 1032 wrote to memory of 2480	1032	msedge.exe	86
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87
PID 1032 wrote to memory of 4260	1032	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\72e3125a367be64c74bca4ebbebeab4d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3ad746f8,0x7fff3ad74708,0x7fff3ad74718
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,8538645481313481940,8197600624872746621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
341B

MD5
fb4c73becdd3a14fe3b157e530c0ad02

SHA1
6f39c826c981cd902f4f1cb6e113cb57717db4d4

SHA256
4bab6338cdc45940c5cca6a31e6e45e881776e8e86ef4036de846c49d119fa0e

SHA512
ef02a61cecbef5b004a3bd5b65cf30199673aea57ef83c687bb228ac22255dd8e0c2b8246fe5f87d3f0157702d1f0a6d29a3e9f6ce1002623b18a6756650f39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
92cc0cde75b4d8344650693fb06bdce1

SHA1
debe9531de9eaab3b693b92d5783226a1c74f057

SHA256
9213c635719db0a77022a818dda0a90fa6224e2f9062e5ace639817d7720beb2

SHA512
2e0900b5e7cec69279423ae1eac918a76d88a1526fca522a8f39f8f59711979be81b9349ec38509628cfbed314b4befb1f95a317b5f89552245f3e039f5994cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
201be3535b535b0a28703dd9dc05b550

SHA1
130b7b5ce66e92c9515826fb094dc3055a13a3f6

SHA256
3fd3728de0891d7a0cdbd274c743e0e70c36c827dcc69e34999718c688e4a193

SHA512
d6658777a10386fb31f0b965e45fb17a725c1b7f5c836a14f5430524f1d2119351246decaf04c29e8bc91861ee7d04191a551878e3c3271ec76a9feb01a2ef2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
43e2c6dd72403ab4c24a8b228d3a7d09

SHA1
9b330cf40d0eba15111862b0ffd23d8f6a6624c0

SHA256
31c55b58c4a00636353ce2368c1e2f52ee312e7724f985a160fa842b53bf3547

SHA512
ba69fcd8ffda49c3beaff56adb1af4b2c3d59ec6f04ac98605fe82f745df9f975fcf357148fa0914d4fd82ee129ab946aed3140ac7236c492cfaa60869a975c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580877.TMP

Filesize
539B

MD5
67813ef7f69cd676197daac529bfa80b

SHA1
b5e17a9ef1ce6c2df3b5b98f3dd3ccc8498ebdac

SHA256
62cfdf623398ea4b9bca0d8e47a7a19ad4bba368bcbfca0f6fb6159fd3af3900

SHA512
0c674483b00342f9a678963b03983546c96d74042ad4d3e6d9ae4fe798744a3eb313ae38a6b5569c79ad58d387b62b30f82e2b7fe2eeb46ca2c8e5a5f903234d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
905325cb72453cf24ca01d039f0a0ae9

SHA1
871c5c717f3af778046ac2b525797f53588071d7

SHA256
a79f6ce29b840fd1a501d0b3cf3f68a8db519a7c961cd8b11d714303938e6404

SHA512
ef9c9d15ce1fbc6c35b2f25542f6fadf0645535f52167778df23d73c969f2f906c85304eba176986452632865bbe1dec5fb6490f1c3438a9c6bb1f5fcd63b705

Download Submit