a86f241b4feba6c81710b7ea8eb0bd9785db39b3472baaf059bcacc9254e638c

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

826ebcbeada7326320fa068e154818af_JaffaCakes118.html
Size

55KB
MD5

826ebcbeada7326320fa068e154818af
SHA1

3e8e3df9c84d618452a9fef84c751fff774643c4
SHA256

a86f241b4feba6c81710b7ea8eb0bd9785db39b3472baaf059bcacc9254e638c
SHA512

311296be3bf8c9db58a1a8991434f402ea460f7c2b85fbd4aac419ac73c001b0e281512525ad7ee47668850a1212c0440037860d15fdb061ff8a889c8c1f7573
SSDEEP

768:iuCauJumYwbc9sAJ/nUba4OD2nC4mvGfeNPemcfJm/0mJm40FHFKdxNU9lQHRRmi:QZJumlosAdUba0C3vGIRljc40cRmi

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
4608	msedge.exe
4608	msedge.exe
3480	identity_helper.exe
3480	identity_helper.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 4264	4608	msedge.exe	83
PID 4608 wrote to memory of 4264	4608	msedge.exe	83
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 4620	4608	msedge.exe	87
PID 4608 wrote to memory of 2960	4608	msedge.exe	88
PID 4608 wrote to memory of 2960	4608	msedge.exe	88
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89
PID 4608 wrote to memory of 2892	4608	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\826ebcbeada7326320fa068e154818af_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe385c46f8,0x7ffe385c4708,0x7ffe385c4718
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6166194301036095408,15822346036843940460,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea9ef805116c4ab90b5800c7cd94ab71

SHA1
eb9c7b8922c8ef79eef1009ab7f530bb57fbbbea

SHA256
bff3e3629de76b8b8dd001c3d8fb986e841c392dfe1982081751b92f5bd567b0

SHA512
8c907d2616ce16cfe08ddeb632f93402e765c5d9430a46e90ab5ea32d4df0a854c6007b19f9b0168254ab7aadf720fed8c68d1a055704db09c1b36c201a9b3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
347755403306a2694773b0c232d3ab2c

SHA1
94d908aa90533fcaef3f1eb5aa93fee183d5f6ac

SHA256
d43f2dd4ac5b6ba779100eb8b84bc92fc8700bedcd339a801c5260b1bb3ce3bf

SHA512
98f1fb18bc34dfc224132dfa2a2e6a131b280b25fcb516fac3bb66da2a47c7a7061124881de6fa5f65602663dc0ea71357b171a3346bb1514176943438322253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a4e748441275c837724ce958f26b9c0

SHA1
398448e97721c1124cd2603c98549eb06a7e645e

SHA256
5897c8e10f13ad8c3503ea7e16496f5ec2de014f3a9729c0f488bf30ec13e83d

SHA512
675966732f65985dd3b8d4a789b5d56b65cad66f2b15c5fcbca9d58214124921e17f57a85a6f854070308bd4893b635be0c85876edf417dfd2ea1b8015fd3ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eda8afa705f4ceed2eecd121fbb3f4d1

SHA1
7ef1a33d69f604b6e4e5294c79901568ab30a446

SHA256
53279dfb536b17f7b162f717a8272048116397a7d8666a62291ee2056c478cd0

SHA512
5b0e3ca6be408dfb0861a5666313d7a1862bfcd6cfb7096ba7c943b5a6b4060f68b8c02894fce73e5a20b44cfe5735283b214d2ad459cbe855a10d064e4472a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1dde4f7a3a57dd91946c3d21d6793770

SHA1
7d667af1e6280619da1984588d2a4d989e7c87a0

SHA256
a12e1045466fede11107311ab391e336a0038b3b73e890f8a4f27f32f40b8433

SHA512
293a46a98dcf4f6f9acd8541370d1af030561442a0fccfc7f3b979212ae4f8c2cdc8847066b16fcb07a510704ebc4b3266fb5f872e6213c74e755442babf9008

Download Submit