b50ff23f9f9e9c8ff1b5c4df04b8b5a76b65f5f0ee2674686ca890647b81434f

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82faf348229a44c681f8de21ded92399_JaffaCakes118.html
Size

55KB
MD5

82faf348229a44c681f8de21ded92399
SHA1

5870bdf0ecb39710e0a101294e9ff5c5981b0a11
SHA256

b50ff23f9f9e9c8ff1b5c4df04b8b5a76b65f5f0ee2674686ca890647b81434f
SHA512

064faee45e8026b3a65b715ab5e3db80ffe5bf13e3ff20ec4d715264eee85096750e29dcbd516509f0926d7e0706b5052e041fa7641cd61d4c7e21283d811078
SSDEEP

768:sLTpHvvCIooBC+a8FIN89Ykuzcy/c2yoqQ/wSFXegVD:sZHv7o+la09YkuzZnwSFl

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
960	msedge.exe
960	msedge.exe
4932	identity_helper.exe
4932	identity_helper.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 3012	960	msedge.exe	83
PID 960 wrote to memory of 3012	960	msedge.exe	83
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 368	960	msedge.exe	85
PID 960 wrote to memory of 4316	960	msedge.exe	86
PID 960 wrote to memory of 4316	960	msedge.exe	86
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87
PID 960 wrote to memory of 3992	960	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82faf348229a44c681f8de21ded92399_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8f2746f8,0x7ffa8f274708,0x7ffa8f274718
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17455042378158935337,12461146679025232465,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8d8ccfa6a8b1b15db876b848b8fdc102

SHA1
dc7d92c35e9c84d8d78ac0aedc926214cee68135

SHA256
b48f98046030e23b843422251481c3f19cfa0cf71fb36a8ff89dfcb152761f86

SHA512
6ae61b6cf236082b9930686ad2650c3ce3fa337550363e0858062dbb399093b0ac6bbca3d4c40101e222ce764fa4fb704bfc591e6d5b0a6c165f170cd6c9d5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e22c2898ac78c14a840076a8446b9d

SHA1
ff5b7cca3ff2c4e77e6330e2c5e2b62bb56e9fe6

SHA256
a5e570fc8d3a52027db48adf1301fe8dffc500a4bef04d0d6bff15fff78ade8d

SHA512
19381615be8f53ccae56a21c29c314c3247ac78fd3cf838f52ca98757b54f945f0d178cfb44ea5ad42fc68b3d3e6e7ce4e4f40eb69f791fa5132f591c62388e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b2188fe1a730cd7933ce3df55bb984dc

SHA1
622751512825a5785c573aa725e8e10e3f52376a

SHA256
5aa8e6242f649b73f68cb911c0312838313b590672a6d8ef395c04e11415abbb

SHA512
d6fdd81635c6a175eda7d76c43f37fb8d003aa55d7724c62748a3c5dbb9316fcfbfd054c4e2618d861c0fbb2c234875f6dd636cd5529cb5bae7ebc0fa1c1ab6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8391db156649119ae8035efa3e83cdc3

SHA1
74b545959ec7375749ae68353179604bd8aa081f

SHA256
47c53eab3b1f529d37f19c890e94f4e32342a238c1a052b19b994eed326662a0

SHA512
10208359b7a49014772ea5800c0e0710f6ebb6a76df3584eaf2dd18326908ac7e9f5bd0f5096c6aef6d40d9626ac238ab96f10f9ce216381e9c273da0d325646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d9d0fc8f1954bbe68d9f290824b028a

SHA1
6a780f1d910199f925a613ceb4e0e36297fa8f87

SHA256
7442d79f237c896b5f4277169ea121c3ef0311d7e210493b94506c6680f8dbfd

SHA512
fa2a54d3cac3d278fcc8817474c714f05120e331ce3ed734a03a7fecdb9a133b769a0f3b48bf720b265813f86ac47636c611bb6273ae0ce9a1e701796e068070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e6d4eb93bc75c269a57f374aee9d23f

SHA1
6eb9ab7509a74f792566c15cc9d36f8a3143cbc1

SHA256
ce69da42f392de205bdaf6ae16db1d9bad120cba5fd27f0e96d83c11cf7cf306

SHA512
8032b8f91b3d5b191a689c4be9559103c6cc7edb79155d7e1a37b25c1ac9bc986e7edb101a80e1f6ba205805cc54d3bc56dac85977edeaef2ad66662a277c73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55506cfd5f040cea9110fcf76c2001a6

SHA1
75669fae55efeaa0bbfd3f852941efbcaf7d5aa6

SHA256
08e0f1ed7280a1ab303c97758b79e2086b08cc929f38814b1cf8af4eb578c779

SHA512
7123462c4af70e33552aefc82fe96e1944f4945f4bf388e0e14bf5faddec99664acec0d760b4d15d519ee2b25b8a6054fbf63ad00c48c88eb8cf85372d08a9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
59c1c6fe484fbe78a2706288373fdcc5

SHA1
8dcbc453a39b98f03345deb154253c6a06ab9839

SHA256
18db53f715827f763bbbc1243e0fc5f5d7440b6f6f9cf2b82add6f0a0e1829c7

SHA512
ce5845d410fc458d2ea5d4fc2f7374799ad9b3a4a53d9ce2753f61cc22b7a99c33f9f92ad3a383d0b84d417927790ed1577905c4753dffbfd3cc72499c076d89

Download Submit