baa23165c8e63cec6702311d5e28b888f89d0092603c70e418194a41f56a2f3f

Analysis

max time kernel
150s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240729-en
resource tags

arch:x64arch:x86image:win10v2004-20240729-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78e0e909a6908c418c00970b54e3b0ad_JaffaCakes118.html
Size

1KB
MD5

78e0e909a6908c418c00970b54e3b0ad
SHA1

b068be2cffa62c878b892d13088516e71a1d4765
SHA256

baa23165c8e63cec6702311d5e28b888f89d0092603c70e418194a41f56a2f3f
SHA512

fc358a01d78426255adb172d574b3f8d9894d978c5dbe29ae1d83265b7544be8291de7d279546e85c60df2d5db3c1d435f52d6a49946e102db8201ff49d440b7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
3456	msedge.exe
3456	msedge.exe
2708	identity_helper.exe
2708	identity_helper.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 1876	3456	msedge.exe	82
PID 3456 wrote to memory of 1876	3456	msedge.exe	82
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 3980	3456	msedge.exe	83
PID 3456 wrote to memory of 4612	3456	msedge.exe	84
PID 3456 wrote to memory of 4612	3456	msedge.exe	84
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85
PID 3456 wrote to memory of 4196	3456	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\78e0e909a6908c418c00970b54e3b0ad_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe01e946f8,0x7ffe01e94708,0x7ffe01e94718
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13725893169429282102,4174104750019024342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8004d5759305b326cebfa4d67dee5f25

SHA1
36b9a94959977f79dd0a14380ba0516d09f8fcaa

SHA256
21f35e2ac53a817389d7027e99018450993fc66e37f916e454bff9eed95562d7

SHA512
7afba827395c1a5438091bd2762a097f6ea098fcbf3db99f90f9bc442afee7a7841a6e0e83f9cbf017cda0e52d35da93f8efd60cec73638baea5eaf1c85b7089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
368c244e384ff4d49f8c2e7b8bea96d2

SHA1
69ce5a9daeaf1e26bba509f9569dc68b9a455c51

SHA256
6f8cb8fe96a0e80be05e02f0f504e40d20e7f5db23fd0edee0e56bcffa1059a3

SHA512
ac460f1b35bcdefa89104e26379fc5639499607be6559353665a73ee8dd41822699d767532d48cffc67c755b75042294c29e93062d4eab22ca6bcbe054108a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a0a6fd838fcad4c51d8cb1c6e9d5aaea

SHA1
1fb791f2d29a125e7dac0cecf21c16c6337b37bd

SHA256
3c3d69d8fd04a21b3af2ae3acb703215d350297e3f0ee9fe8d710c6da18551fc

SHA512
54977e78cebdfee87037e7e9dbe02988eafb218794412b2382fbbe1be43396aaf421d9499afbde95f6c8ff25db3043797da29382a405cf36caaeaeceb1bb6534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
507bcb26f517ad9cf422db54fd528dd0

SHA1
de096b6fbd54f5090c286c7c1f0cda54c47ea28b

SHA256
59aceecb8a9c05ec1ba36e39d69fce71c9e794bb2d1d5c089cb0c814df638f8e

SHA512
9afe4ea2932cfc4769799fad35c4588a6df9765bf4efa81242085c2ae4ce651d6492046e92e92f5444ce787c62dea4cdf644c5fb4b0e141722e7b08a5b99b271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ba222f6a19bfac38bdac4f2a582ee0b

SHA1
f8f50831de60fa89b5450f236f6051cffaab4815

SHA256
444f7dd74682ec92f1f95c061eea25d3c4293e8320bfdc7c06538ba86d37a5f3

SHA512
5383c4f9dce0453adabebb914fc1b62f8f03b34888aa85da8d78958690a16ccef36081862918f4cd4d14023097c6e9143b2f5bba93fbc863dfde2e5df52ff8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a342744f3b1fed75dd9f380f6b788de0

SHA1
1d77dda83ac411f06596bf7239b1c551e0b1f06e

SHA256
3d1babf1a1cb54e8d4d6278059472d560fcc4b83ffb720447898062d6aaa767e

SHA512
14d554d8d3a7994dc196f6bba9690f43a867381c1ae848cf0cd9aed9d19faffeaab319b4e5a13c2f65f030b10bbbff7c484ed546866222d6407c28248b1c7b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ed161dc7362bb649d86587fa68540dd6

SHA1
5d5a12a30bf063d1a6007f06c73e13e615f9aca0

SHA256
9d4d64a601f007758c99a07ab1c762fc789aa2f1c4922e0f0839179c5e85b356

SHA512
df6eb5df75ab967e5fcead959945b7e1cbd1924f831c47e3b788edb3a64312b373bd0d7e3fd9ca2e49a78ad5c41669ee93480971e66aa4480d3f7c44bf4c2174

Download Submit