b7efbe38bc2bb5a37e703f3742bd93d23d3a4d045655dc31aa8a32c9d1f101c1

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c1d7233dbb64944db5cd00a093bba5_JaffaCakes118.html
Size

36KB
MD5

81c1d7233dbb64944db5cd00a093bba5
SHA1

bacf04af292ec06a07ab40e6e64e99d95ab1c8d0
SHA256

b7efbe38bc2bb5a37e703f3742bd93d23d3a4d045655dc31aa8a32c9d1f101c1
SHA512

c9a9d85dde962956e4d1dabf2977cf23940009b36b65ddf8d8b4d5d0815d0ebc0e7acbacdc8fe153fd3d1486dc435f5f268cfe9cd50b1f578617aa2a735e9a93
SSDEEP

768:xQ3rAVZ/xGn9DO0vXE75HxPlGZLZ9hkny0+wn9A:xQ3rAZ/xGn9DO0vXE75HxPlGJZ9hkn1M

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
996	msedge.exe
996	msedge.exe
816	msedge.exe
816	msedge.exe
396	identity_helper.exe
396	identity_helper.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 836	816	msedge.exe	83
PID 816 wrote to memory of 836	816	msedge.exe	83
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 2100	816	msedge.exe	84
PID 816 wrote to memory of 996	816	msedge.exe	85
PID 816 wrote to memory of 996	816	msedge.exe	85
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86
PID 816 wrote to memory of 1076	816	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81c1d7233dbb64944db5cd00a093bba5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf45546f8,0x7ffbf4554708,0x7ffbf4554718
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,4690989833693878615,12290646611996470482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
94eddc8c760c6582645d582b4f107cca

SHA1
01860648fbebb62eadd53d3bc58471df3b8d211e

SHA256
710d6dcbe48115aecea88b0a8c0124f5ae5f30225e59dde1bdfcc4574b5e5933

SHA512
1cf9e561257755bbf563df4f348bba14ffbce2faa7cfb96738dd2aa4b166d1ddfee114578f8b84b4d7c59f3d18cadd9ebc5b45557116bf68c2eda0867d9e5484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71a22f9fe81453c6c788bfe09ab8fe0c

SHA1
f4ee9368e5795c5b3f9470e0434358170e7646b6

SHA256
ca6f5b89e7361282ace0d96bba28c2a4434ccecfd0a97d925e9bc61524efd908

SHA512
a36d9a0c814d4293ae70a62a76e8a98e712ad91674a26cb3d8ffd300e22a6cba134e501b4a7e742229a66005db3b508aa821abcab1347b05457f06c712a1d724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
45996eb12c5b1a531a2d9a3f56b913ff

SHA1
c61935c0ab773fc8ca70f30b06620bd6e304c092

SHA256
9f1f531b5d1eb3c957e2a57f0d59533bd7bb5da6f59e230b70b1e942e6dcca33

SHA512
06455d33c060be6c22db298dfd4585f15d853d471e7ebee67e35c7fd2526261e400ca536cc3e3b3acf32175ea3b8ed41ee1c0e5bd3fa811e0217d1a078af42da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a43f422b702449eb4cfc709484d745d

SHA1
216b8bc0d6d8cd6cad30734c61f0c885f2e21ac4

SHA256
10f2d6a01ee7557e954227a94b5a2d884355474fd398eaf1e84b2c734ebfb4ac

SHA512
ba88725dce4d49effd69bdd8d94ead480e4c34ea3adf5b33b021d3aa4dfed2272963bbfbdd5fcfd9a54fbcbfa90aebd77a26f6d1a20925e554320b3e922f7934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db16581fc76fcdceb7f878206adfdc8e

SHA1
d419a2f5efd79359421f78de6dd0dcfdc37daeba

SHA256
e6bcb6e2620421413aa1f2eee431bfdd6c7376b9c9f04b5cb3f05cefee304746

SHA512
24f7e196eeb73256907676a875ffc39b1e5e619bc03289f05860e1b098bbe16b2126feb0388e03c0ad9a9031f600b1f974d2219eb263521cec5b42456bee0773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eaa97a34-980f-4d0a-9878-850dcf96f458.tmp

Filesize
6KB

MD5
2a5bf1eb5d42c121c7a5da545e78ef83

SHA1
68efd9e72ac2e8c5c4686dccf273fdfe9ee25ad5

SHA256
24fb55ab023a3b88332d75b32a7572098c5c504337e84c1b0d8836707117a152

SHA512
ba5f7c5875c804946343e81ab22bd1383aaba36807fcbfca9602bb95a9bb11c4da7313b8e753ee2b7b8eb3709e9b1bf06deb13fe99b84336ceaaef27b692e100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b6da58639ea7e780941b48eef885dd32

SHA1
1295b902cb00f812f82d78fd0175f51bec210ef6

SHA256
03cb392d8fa2a8ad4f514c45d4679c0a2670db7cfcee4abb52360e6808e88186

SHA512
b531a36b2c3c6fb97b21dab53f173b2d4e8aa0217428631152a7670b4b789890cf7da7a00b55be315a896a6aab4dd2079b642ced4bcaad6331617df8939bf000

Download Submit