0b8a12732b2f74f6fd453f21f6d4ce25901a75965db696a39f54a7ef33c3b791

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

733f8a7dc6a0835dbb423a2fa46a6974_JaffaCakes118.html
Size

15KB
MD5

733f8a7dc6a0835dbb423a2fa46a6974
SHA1

97d06819c8a989bcae7f401471afdfd87da331df
SHA256

0b8a12732b2f74f6fd453f21f6d4ce25901a75965db696a39f54a7ef33c3b791
SHA512

8282d4a1427cefa87944352fad8200f12c09aef279833de7077661d61472a0ab76a22efe2ca4b77895e902765679e8b4d883b223f336745790e45f0fb1349af3
SSDEEP

384:FLHf02Reos7BDQFTSeBjwORG8LVK4mKPYhoQ:K2RPkBDQwujwYdQCe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1092	msedge.exe
1092	msedge.exe
320	msedge.exe
320	msedge.exe
4584	identity_helper.exe
4584	identity_helper.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 320 wrote to memory of 224	320	msedge.exe	84
PID 320 wrote to memory of 224	320	msedge.exe	84
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 3076	320	msedge.exe	85
PID 320 wrote to memory of 1092	320	msedge.exe	86
PID 320 wrote to memory of 1092	320	msedge.exe	86
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87
PID 320 wrote to memory of 2960	320	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\733f8a7dc6a0835dbb423a2fa46a6974_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e45146f8,0x7ff9e4514708,0x7ff9e4514718
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,17824021465425515914,11267542722498692578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
57f6bf62185795573a89ff5901473354

SHA1
73058325bbf765c8eb0b385a8664947ea8c74f26

SHA256
6e0dbbc349186921fecb204023d705f475869dd245115865f057e81e8f888df2

SHA512
c29c07a619d694a4806aacd3fe8a9aeb4e129477ea74fcc79c5ccd312b83807aefee4680b028c62f6a1a7e0e8344120cd0a976b3c404bf372639bf937c68dc3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
36bcf1d48ddee3b59a4a175f4671276a

SHA1
8f5d057a42f015b968f40618190cdbb1c7844173

SHA256
2771993282f59f32540aefd4d8170dee0849d663eda6e77a3c357cf8c18e9da6

SHA512
d8b46cda84c3d0fc3f58eb58883bafa987e613ab35216115ceae61721b687a80ebe0e3e4ea7d37f3b17389ecbbaea93461208ec6e3122dc87873878d85b6837e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db2d08f03f028a43ac0fe3e10ea6a39a

SHA1
4d5bc8865e6a5e906806ea03d437dcd49521126b

SHA256
12ff276fff8fc83d3b8f21ed2a2399a40d349ea54047f007a43cf3f7f927239c

SHA512
7ffb0056984ba575b34dbeb66f0b3d541aacd4bc8febc4925b91bf1ad02a6d222f143e5317535523ac9a6efafe85b8f83d765c53ab5c24ef9319b19379c2a150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16cf153f15c11ee2ba8818854c8eaedc

SHA1
94d64eea6118d5da1daca5906e172c9d4a86367f

SHA256
93f3304291701c28ffc4e15d2edb389cab8d4431ac6d4dd90dc781849e6b8670

SHA512
dbfb1027f85cb0ed9aec838f73716cca1142f183226b16232de24de20178f83b9fa51f8dfd2e8f8bad6aa80d8e032c3500ed85743198813f2c40bb0a30d09cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
01c3ec633bc9369ff8d2917f00481904

SHA1
a9f16831b07ae848066904fe96bee790616a2e6e

SHA256
62d4ca14600e7fe20bf124ff76634b0ffcce441cbbd0b27143235b83c565de48

SHA512
9c7c37dd8e353bf2472b47c3690b0fc494db5185c7fced4b7416ef2ed104dc2f4ef25550dae87b2f2abc4e338e745fc94d6b605f1aed1c93218eec7d533d278a

Download Submit