7e582b3ca3bd53bb2fa9fb966ea197fef98ff0215cd5f9760798191fb1c5ca1c

Analysis

max time kernel
56s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240729-en
resource tags

arch:x64arch:x86image:win10v2004-20240729-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03e729a50c66be08b6274ba22fea4f9f_JaffaCakes118.html
Size

90KB
MD5

03e729a50c66be08b6274ba22fea4f9f
SHA1

1f230509c33d19fc0de9d34c7a2c725db38a227a
SHA256

7e582b3ca3bd53bb2fa9fb966ea197fef98ff0215cd5f9760798191fb1c5ca1c
SHA512

41bbf15d4acb5e7ee491066c376d3b20e5e157ab6efd6f54d9094751585e1e31eb66be1e3707d043caefae4b18bb1a3714ae127b0ecf21f565ad77a84fb4b947
SSDEEP

1536:MnFpBWRW1p/o9v8zAxWzXxfUHCiImowlMASLefB1U6gopyetHsKqCOt4TykB9rbr:MnFpBWRV8cxSXLmowlMAS6fB1U6gopyi

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 1260	2492	msedge.exe	82
PID 2492 wrote to memory of 1260	2492	msedge.exe	82
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 3332	2492	msedge.exe	84
PID 2492 wrote to memory of 1728	2492	msedge.exe	85
PID 2492 wrote to memory of 1728	2492	msedge.exe	85
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86
PID 2492 wrote to memory of 4420	2492	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\03e729a50c66be08b6274ba22fea4f9f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd979d46f8,0x7ffd979d4708,0x7ffd979d4718
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:2
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,6681693137250289637,1229261178038387759,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
  2⤵
  PID:2536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8004d5759305b326cebfa4d67dee5f25

SHA1
36b9a94959977f79dd0a14380ba0516d09f8fcaa

SHA256
21f35e2ac53a817389d7027e99018450993fc66e37f916e454bff9eed95562d7

SHA512
7afba827395c1a5438091bd2762a097f6ea098fcbf3db99f90f9bc442afee7a7841a6e0e83f9cbf017cda0e52d35da93f8efd60cec73638baea5eaf1c85b7089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
368c244e384ff4d49f8c2e7b8bea96d2

SHA1
69ce5a9daeaf1e26bba509f9569dc68b9a455c51

SHA256
6f8cb8fe96a0e80be05e02f0f504e40d20e7f5db23fd0edee0e56bcffa1059a3

SHA512
ac460f1b35bcdefa89104e26379fc5639499607be6559353665a73ee8dd41822699d767532d48cffc67c755b75042294c29e93062d4eab22ca6bcbe054108a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4c17f8c8418f36c3e18735836ff4576c

SHA1
b39c99323a869b4c0ef7ea59619f40984c310ba9

SHA256
02c0686113056c55aa5e564fe31bb78b14bde8ba546703696173023934260696

SHA512
50f138a91fcfb3922306d2289d01a8cc4b19ee4e57b19afa734814ccc50773288057e68e1de56e9211e75a55602c59bdddb67a70a69ce8c81a6442716af34d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
05d63751a6bd5fb7daa157fceb563a9b

SHA1
e99776e77fc6308e48f09a5a07fbb7ab29b9e258

SHA256
f0556381e1b572527def0289332fae459ee6e98db87f2e46864487cb4b74d7cc

SHA512
3a3c6b8c637da8c55129f57a5844da1c0da7a5bf7947c248a0fdeabd7976ad529ab399b524304b199a0fb4c9a28e1d6c561eb9ee39244e0cad160c38364df00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
18d2f316ee1b0fc267aa07d6b87c1350

SHA1
10bed789747cb0a5d39c5cb8c751f342f4329156

SHA256
7203b34714c6296ac1000e840bfa4d054690f8c57b052ab5053ca2ef9c6e3494

SHA512
97809d2d752ebf1d2d751508c1bff2a52985e5a07131b943584718d38ce37a773ab2128934872f91c7d5e0fc66acaf51df839610e9ab78812b19902da94befbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4087cbbd3776759a2e56ae6b685c61f2

SHA1
fa925513833fbd79e46ccc9a70fa4f5fa2f1c081

SHA256
55ac65b4f0af6a4624faf8ef047cc92e3fe87a2ea70210ae9b7605fe0a90675b

SHA512
5eb5f60260f6cb09093dde7fffdc5005cbf7a41c23b43267c2e2901f737b417fbdd21206694d4f1dcf80cb961b193be4ed657e9fe6208861f93a701b657ea549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bbd1a577f4671e5a6b05ae600435cbee

SHA1
adeb48c76c8d96ec68044cf1c24111c74e3022e2

SHA256
88b4563adeceb418ff0201eaefc9546fc9daece3199931c2304b0dd76a55a5e0

SHA512
b35628fd9614cbbab72c7d0ccee0f22d7f1716064bdf3f2e9d96b2b8d3dfd691faa7df4ccf523a4e31a0f671bf0c72ed5da8a07e58a656ffca4e35bdf7d45ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
42d6e8ce5f242c0cbfc18c4568314f80

SHA1
abe8bb3058ebd9404740d80ac4178a595aeff474

SHA256
4dcfaf9b0fd32606096be09e1958204b16bd018290f6e49d10820b223fe13f86

SHA512
75ecf7e4c48f1512e641d3e815458741f638311119d14a2cf7679e60b876b76b2883934dcd69eed1de10ad36c839d746fcc167d1ddce7c34c1729a3501548846

Download Submit