18443012d336e973dae04f615295c54506f53151793fe5622580310d430d271d

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c53a6684a5cfb176db5129ebb2c3e4_JaffaCakes118.html
Size

9KB
MD5

81c53a6684a5cfb176db5129ebb2c3e4
SHA1

c8309998582fb538ee40b306b406e5be2e35ab59
SHA256

18443012d336e973dae04f615295c54506f53151793fe5622580310d430d271d
SHA512

2941b201eed345559aa52410989cd9e3d9ce241f74915bdf78069324d34bd0b0a2cc9c7a91e0b14b26f9f29b986c2df9e476cde1580c0b2a990fdfedffb457a4
SSDEEP

96:uzVs+ux7Pg0LLY1k9o84d12ef7CSTUGGT/kPsepUlVHcEZ7ru7f:csz7Pg0AYS/P/UPHb76f

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2492	msedge.exe
2492	msedge.exe
2588	identity_helper.exe
2588	identity_helper.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2700	2492	msedge.exe	83
PID 2492 wrote to memory of 2700	2492	msedge.exe	83
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 4724	2492	msedge.exe	84
PID 2492 wrote to memory of 2652	2492	msedge.exe	85
PID 2492 wrote to memory of 2652	2492	msedge.exe	85
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86
PID 2492 wrote to memory of 4592	2492	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81c53a6684a5cfb176db5129ebb2c3e4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93de846f8,0x7ff93de84708,0x7ff93de84718
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13381189074553555659,16728847598453751480,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
506e03d65052f54028056da258af8ae6

SHA1
c960e67d09834d528e12e062302a97c26e317d0e

SHA256
b26d2695dfe8aed4d0d67d11b46d4542c3c9c8964533404dfe32ce7a3e6cfb98

SHA512
15da55267433c41febebbe48983023293c6d436f89a56138cef1cea7deb5cdd7d4bcf58af12835e1152a8ec59e08cfc965e521eb54eed47fe44e1f4c2d1557a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a15dea0d79ea8ba114ad8141d7d10563

SHA1
9b730b2d809d4adef7e8b68660a05ac95b5b8478

SHA256
0c4dd77399040b8c38d41b77137861002ef209c79b486f7bbdb57b5834cd8dbf

SHA512
810fc1fb12bceae4ca3fad2a277682c2c56f0af91a329048adbeb433715b1f707927274e3e4a4479222f578e8218663533440c71b22c49735a290f907cc0af1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff7962b5d8e7494e710f5f8a89724ccc

SHA1
91829589d7d2b1df981f55df4007f7e11ca868df

SHA256
888fb528758f6d5a6abba5c393436a041aa5aae0712a6daff28fdd287f53a717

SHA512
444d9929df35a422e0cda1ed4549a31095d55c6988f7de7fa783f29b81b5136a4865947dfc3d5a14f881e7a9471de6fb7e2263be51b44b89b51ed0ea687a66c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40c888af9cd67d496cb6b764766ebcb0

SHA1
7db5a02ccde536d53417662f7a12539ed0561c6b

SHA256
3b4e9f178011e0093c0ee3a56556ec636f1ac1b139dd3796db659a59826afc92

SHA512
290a8573272dd3b71e254713a87970e9a893372bad588aa03707bb0054d1948570eb51da5283e79a1a6bde8d71c4dc47113d6f1734d992e613a8aca042168bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
60ae0603646e1549c60558f5013be52d

SHA1
c6b6d6d23bca182d500741f1ee5b053ab99bfd37

SHA256
65d5d310aae95b39c6bcc050b78536e0df4b43369284249407beef14bb0e97f5

SHA512
c5c71d1502d5da9142d5de0fec9eee9f4803180c981635dc09de3a17604f0f4b7b609f6070ec5c0c60c916131c6d5a47a0d553c443852b226e29f742c08bea3b

Download Submit