24e1a3590ccdf592441807dad8b8986a823debc32ca6c658d99fe0909259b0cf

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7547a53e64957f5a0a121bb4f7d95c7f_JaffaCakes118.html
Size

2KB
MD5

7547a53e64957f5a0a121bb4f7d95c7f
SHA1

677e603bb2b191e16825461bbdd57170be8a71be
SHA256

24e1a3590ccdf592441807dad8b8986a823debc32ca6c658d99fe0909259b0cf
SHA512

fbe65f8e84d7516ae768955c812aee3a950badf557c7368c73eddc3c59852b0d770258d7080d4e6b6e24dd0b1cf08d4925e47bb1ca6902eb20b79da59c89ba66

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
2768	msedge.exe
2768	msedge.exe
4396	identity_helper.exe
4396	identity_helper.exe
5860	msedge.exe
5860	msedge.exe
5860	msedge.exe
5860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 3120	2768	msedge.exe	84
PID 2768 wrote to memory of 3120	2768	msedge.exe	84
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 4596	2768	msedge.exe	85
PID 2768 wrote to memory of 5076	2768	msedge.exe	86
PID 2768 wrote to memory of 5076	2768	msedge.exe	86
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87
PID 2768 wrote to memory of 4600	2768	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7547a53e64957f5a0a121bb4f7d95c7f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff98e3d46f8,0x7ff98e3d4708,0x7ff98e3d4718
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18151616469733175259,13228325108196131636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
36e5b3486c855ffc275f6435dad330fb

SHA1
549245ff497e2f12600ae228208a0c7edd20c300

SHA256
b4d19aab1d0b8de64cae2fc707aaaf64f2013e4eab0fb14ed7a4b508bdffd3d8

SHA512
6a516e71e62b5caa3f8b6a8f4dfc04deb609d6f89dc01ac62cd981a13556557c84859e700d8f4f9d2def5c059d0b9a7879f9b6508ab6210b6283a38e04e42294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1fe63833924394079dd8e75b456f6865

SHA1
b10b92c5983ca482aefcd0e2f7c503bea7555fe9

SHA256
7d879810689abebbccf05008568438092bede0a258f122b598a1a7fb27fd6797

SHA512
4f04b22120b6639148d13f17b0518ddfea26c76ca83a48d413d625b2455074eaf9d9a2732bd242905ea7dab5419c068e9cd8638b9da6ba1288fd59f331f6bcbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d7624340c92280e94167e46848ae152

SHA1
1693a719927a1b65de63db1760515dbf26fbf0ef

SHA256
b5d3374990a2574bc8010eed1047a809c172b7d3850f1b9d722feabd1fa753c7

SHA512
8d0a96c310e07fe9a32580cd6badcdb69cb325843c05f552586f5d04cc71972e0f6602c21b87e47dda51e7562513b81fde4f2ecd97e36fcfafea86c1946dc75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf269393e29c115614ede2fc60259d43

SHA1
c1a775d518f596a6345461430fd87fa1eacc4d5a

SHA256
25ecfa5a1ff1db5e9f67949b46dd9f395670c21d49b72d304cdf4cbda77a0cba

SHA512
4af2ccda03fb1caf3c30ad7544fe6c61ca4ed21ed0a0fd7f218f3095fa29e7ddee27e76a3497d733de0a017596d659a6dba965be2851d9dfc51fb790a5b4cd4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d7d9f418bfbf8bc0cd841a154a4c2df1

SHA1
12258528079d36f302a4f9bd3eca453b54fc53b4

SHA256
0633c3f582572efd0ba6e64eba5742017857dc5d0c2f47c6d59138b91bb46103

SHA512
9b0c7449b6b9aa3e0d6d562f70f35ae7fef56901fa8f9ce9d1406c8790669c5dcd4d8dd1378e31ca7bb70b3294da291be0f625a996bae6e5ea3dc01a9358d086

Download Submit