cfbbdf02a8341ebbccd3e20f04b92a388549af2cfacd57c475fb1df977f1b9f2

Analysis

max time kernel
145s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04e0006f01e023101ea2ceec9d22a973_JaffaCakes118.html
Size

98KB
MD5

04e0006f01e023101ea2ceec9d22a973
SHA1

2f97d1bbef7372885dc9f0091ad3d409620b7735
SHA256

cfbbdf02a8341ebbccd3e20f04b92a388549af2cfacd57c475fb1df977f1b9f2
SHA512

c67db6ff0d23e944b453ca1b6f86c730ef962316a5025a98eb4160e99677075f61f205caf54353bf51dae38e8a9f6b459ea3b87ec1983810c8440b8fc844e3df
SSDEEP

3072:SpEHWwbZpxv1ABJXtnlQ5xp5FRlwxi7oVgZ2rhYJZC0pWCJwxY2Wh2TtJybgMTrt:SpErNpxv1ABJXtnlQ5xp5FRlwxi7oVgX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
4240	msedge.exe
4240	msedge.exe
772	identity_helper.exe
772	identity_helper.exe
1144	msedge.exe
1144	msedge.exe
1144	msedge.exe
1144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 3580	4240	msedge.exe	85
PID 4240 wrote to memory of 3580	4240	msedge.exe	85
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 3128	4240	msedge.exe	88
PID 4240 wrote to memory of 2648	4240	msedge.exe	89
PID 4240 wrote to memory of 2648	4240	msedge.exe	89
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90
PID 4240 wrote to memory of 3504	4240	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\04e0006f01e023101ea2ceec9d22a973_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff946d946f8,0x7ff946d94708,0x7ff946d94718
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7154820551120616420,6483688341312323751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
da12aeabf78f8eb8baa44f72c37a126e

SHA1
8218467beaa6b1440430e8397080773d1d82f0a0

SHA256
d81a6698793b81c3339a0e46532d2ae8f05c0c7fdfe931a3d912b82065f71fd8

SHA512
80a4c8d7c50a72776376699736159ba589b7453243ccec7d60806c5338cbb51fdc3bb6e5a382aefb6d71c258af4699fbe61eac1ff7dba90f45cf48cc22a78178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7286b50e4c1415397b73f570bc84c3a0

SHA1
676bf44118f063c66923739aa587328a2b45ef4c

SHA256
2686289364bbdf03df8150418928c385e16de2cd56f210a23e28a0d4a88b1ead

SHA512
d63f49bbf0fd6aa5baa060aaa716f55fccfeb35c986b6d3a38413326a8501d92024846024832b2cb23b1f2def1242eb24aad27a2f547c10ca880bbeb5a67637f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b509006e0e748c7c7e24d15942102784

SHA1
916547c4c2761d992880cbfdf9e7726dfd05eb42

SHA256
8fc5ad11c435fa56fed0f8eb8e7d42b5bf0fa87eecb455a6b1c48d55277f4864

SHA512
c14e3da01406ea50baaaa667bfe4b494b0500487d5d61c80e104a59ffa76eae8d5a7a17988def4fb61b14a2f1d22d871f1ab4d6ba5e1975d207cfc304b9cd61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f637eaad919dfd3117694b7abeb08625

SHA1
f196eefb72872fe6ed8f42710e7f30a8ea1fff0e

SHA256
720346b2ec8db81334f3cb7e7303acec2b2fa557bc4a1e380b522acde56a52f7

SHA512
bbc25b7bc926beb4b6654ac5a4808ce2f71b54c85899914b21961c7898ec239f6a1d73554fa0487659b89e1eef196250f028a74dbd4e865c9511aedf75b3b3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b84017a6fad16f2fc4b8b2a7de2d9f27

SHA1
4cf23b5c69c15abf39fece9e1ee0b3ab317b0714

SHA256
48c29fd3b63196d40b1d7a576f94711feeb72691c8ca237ce23431a6a538c314

SHA512
3521f009de2ec7a2add37123b8ad03b681b022b16d55fbc53916f1b41a016a38a87d89c93e7ca654fbfb42ddd4e666c17f6aa2658545efba1f46e3d7c6cfff59

Download Submit