5791a9e12c815b74b25bb97bf67bcf2076b9138fea01a81d9e9f83775ff06d6e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83031780e8040fd9c07b55778cdedebe_JaffaCakes118.html
Size

26KB
MD5

83031780e8040fd9c07b55778cdedebe
SHA1

b26cf36633cb81c26dc30f628f33eb526d2e85ac
SHA256

5791a9e12c815b74b25bb97bf67bcf2076b9138fea01a81d9e9f83775ff06d6e
SHA512

fbfe882912dd6648a872d4960701b17b5ddcf754cf4e539a8df7fbeb12ff3716c7f242efcccd12df70f2511289d776f1b3138a7faffe9b3a4d9cd6991e06aca9
SSDEEP

384:Raa/WttUmJgADt9fRaRcv/V8en1chSMrPnrfivas/I:Raa/ij/ZjSHhz/FsA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
4112	msedge.exe
4112	msedge.exe
5020	identity_helper.exe
5020	identity_helper.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 2936	4112	msedge.exe	83
PID 4112 wrote to memory of 2936	4112	msedge.exe	83
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 4456	4112	msedge.exe	84
PID 4112 wrote to memory of 5008	4112	msedge.exe	85
PID 4112 wrote to memory of 5008	4112	msedge.exe	85
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86
PID 4112 wrote to memory of 4700	4112	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\83031780e8040fd9c07b55778cdedebe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a1846f8,0x7ffb6a184708,0x7ffb6a184718
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1920 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11415644572171880217,3547484023742528025,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16d2cc2d8a8347e405d36323b4e6ea99

SHA1
ea695aa245d20b1e1141f4c18ee5e56f810614b4

SHA256
5455c3741232efafea8e3b155a0fecb660800e2e0f19cd2d720281f7cdcbbc23

SHA512
85d9d1319d4b4f8442e2fbd22951d7a2836f6456f18062508a5d22031d829a23a1a4453283f2194312ec444eef57fe09ca393c5c1536efabb7495fd301433343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ee3b30a1359db628dcaf6b053a049740

SHA1
35bb7a4d99bce5d4ff9e080b6078dd8d9ca9cb1d

SHA256
3d145dcba409bab26909c6090fe80bb55a0c030d226f26bb4e04b1bd495f5212

SHA512
6825eef8c8fc940d1e21c31e8643f969386fc5c5f467b6ae4a6709dd09f35632bfa2b87f3bc828a8dc6d70533dc7fbfcef6772e2b73586286680f4b567d92c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1237a1d92361a8663d5eaf6ca711793b

SHA1
86b032edfa8117ee69fd051035bebb3f7b36659d

SHA256
0e76222097177da95d27ff895f86f1ec3aa5b948aa82b9b10ffa740e33396867

SHA512
bfe242708c04d6b29c8acf50bfba04336caa12a31929ccfb431498b2aeb6de4fc4e458ddcf33c99f33927743e02103f03d2623047ad9c6a953e84fa3bff6dfce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f500dae4fb06750dfc17f61d5e9f7ded

SHA1
5232b168514af9f18be88796fd1469969fe583af

SHA256
0eb3436f9b927b2a07a667a81a5ff9c1ff5c745d9f78832fbe6daf8c6ef657ca

SHA512
b21fc5db12630e0dc5168804e956e9f8a972ca430c1e995b083368c927adf71966659ddb5eef130b8b08de67b2ce5fb29f66da27890a29447461569afd650842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee91e388a12326535be8dd4ef3e0d0cd

SHA1
e8bae925f5966e5f4b6203c457ac8b630d539a08

SHA256
74603ce71a3fbf5305ef2662c4c64656a897a16326a2e6ba2504c85c9479bfd8

SHA512
aa4f079136e64cc967d5c99adf94a92d22e2c6ff6e7a94b2efe53fa9d7c62eafdebd3eb4dbc8b8ed60e6867b4fbdf50d8576d2e34296d22727a813e64b5cbfa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
518e5d21de67625940f4f581e2cdc1a0

SHA1
8f7a66ae07a25190cb5ba2c5b1743642e2e5b796

SHA256
919d738586cf782effd23ca2bbf21c21713d24621fe23fb330b4e94527443a55

SHA512
8254f72bc6dea1e5b0e1abc5933e3b4ee3702b704a9d17f7888959674564f2fdd40ee52d88b8b200e3c6e88edba949ce98f1b68e495ccdc57c5dd50e15c2e301

Download Submit