58193835b6593a9f7b3753538e2e10145edcf108708e182ed0e6be8ad10c8399

Analysis

max time kernel
145s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c7f71bfa9aac0a56f6a3406030ca19_JaffaCakes118.html
Size

10KB
MD5

81c7f71bfa9aac0a56f6a3406030ca19
SHA1

6ec526e0158bdc97afbf21f80fd6f95ed63ffd13
SHA256

58193835b6593a9f7b3753538e2e10145edcf108708e182ed0e6be8ad10c8399
SHA512

03882d1b9634aeace22ee8d8ca55e45d4625af2fed5a1c96b1c87127850f44348617330ff40a3b4327687defe25c7622b9cc05ce657f94c0b7e137589e7c4892
SSDEEP

96:uzVs+ux7k5LLY1k9o84d12ef7CSTUkGT/kvx0bp9sMpNubPeRrlVHcEZ7ru7f:csz7k5AYS/Ba8edPHb76f

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
3988	msedge.exe
3988	msedge.exe
2440	identity_helper.exe
2440	identity_helper.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 4868	3988	msedge.exe	84
PID 3988 wrote to memory of 4868	3988	msedge.exe	84
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 1940	3988	msedge.exe	85
PID 3988 wrote to memory of 5072	3988	msedge.exe	86
PID 3988 wrote to memory of 5072	3988	msedge.exe	86
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87
PID 3988 wrote to memory of 1676	3988	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81c7f71bfa9aac0a56f6a3406030ca19_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee54b46f8,0x7ffee54b4708,0x7ffee54b4718
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1562123144324578208,3340330500554243596,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
506e03d65052f54028056da258af8ae6

SHA1
c960e67d09834d528e12e062302a97c26e317d0e

SHA256
b26d2695dfe8aed4d0d67d11b46d4542c3c9c8964533404dfe32ce7a3e6cfb98

SHA512
15da55267433c41febebbe48983023293c6d436f89a56138cef1cea7deb5cdd7d4bcf58af12835e1152a8ec59e08cfc965e521eb54eed47fe44e1f4c2d1557a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a15dea0d79ea8ba114ad8141d7d10563

SHA1
9b730b2d809d4adef7e8b68660a05ac95b5b8478

SHA256
0c4dd77399040b8c38d41b77137861002ef209c79b486f7bbdb57b5834cd8dbf

SHA512
810fc1fb12bceae4ca3fad2a277682c2c56f0af91a329048adbeb433715b1f707927274e3e4a4479222f578e8218663533440c71b22c49735a290f907cc0af1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e24002b7ca1cf1ca42abe4dccaf5ad95

SHA1
38b86335b778889ec4573e01c38bf85725132d71

SHA256
8726d8fb7b02893b42b46f4b23d21d861a017696eae06eba26b682d26c8432d5

SHA512
d60389776f5364943eda4a5ce908a0b6ed733b6b3ec46646591ce8d326858feb38f2a261fc1e1f8c36451978b949b58b33bc0441172258663a40a789898380a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3f959fc8e184ad3f89bd48eb90089c0

SHA1
6a00558977d0aa2b3a1bced7a106d5ffd5a897af

SHA256
6e1e00f3516ddbf6d84a90815b9c8aab57e4b5bd623d654c53440d92b827664d

SHA512
4ba98b03b588b035a14b2a7e10aebd1d041f7aa204a8d316485e43eb5f6bddb54960f3f7c531546a4d7e81334226e7844ff251e2731a129678ad6456ac5fa16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b811b2a03f97a3fe24e96bb43adbe5cd

SHA1
42c1b175df9eff35ff3a8c87056ced7dcc19a8ac

SHA256
5e375851f0723abc6f8a85bd496e3e4ca873e24b0c4b4f83cd62360c39618d94

SHA512
a2d6156ce2ee192afe5b48fd7d8b072aeb8bc59a809273dc1b677163a58606217a42c77cdfe20a6cd4c5b6011e61b5738b413a1a27e1b44b0757abd1c5fc23af

Download Submit