2dfed41bfbfe2f00737c55c907c951d6143988433cb7911bf3a833cbc0da4d7c

Analysis

max time kernel
145s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8334f18a93ce97eb2422f8e9651bcf58_JaffaCakes118.html
Size

120KB
MD5

8334f18a93ce97eb2422f8e9651bcf58
SHA1

6cacf29390154266e9081130819269a31fe6d8fe
SHA256

2dfed41bfbfe2f00737c55c907c951d6143988433cb7911bf3a833cbc0da4d7c
SHA512

0dea4785a646764dfc342f54bc9b0377011695d457b55521bea5c5c26ddcbdbb4a2a6354cd142f01ce28da6d9a5cca2a131657b6e804c03a771b1b9675c8eabe
SSDEEP

1536:CUnguyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:CUnTyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
1168	msedge.exe
1168	msedge.exe
2716	identity_helper.exe
2716	identity_helper.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 3276	1168	msedge.exe	83
PID 1168 wrote to memory of 3276	1168	msedge.exe	83
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4460	1168	msedge.exe	84
PID 1168 wrote to memory of 4204	1168	msedge.exe	85
PID 1168 wrote to memory of 4204	1168	msedge.exe	85
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86
PID 1168 wrote to memory of 3440	1168	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8334f18a93ce97eb2422f8e9651bcf58_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90b2c46f8,0x7ff90b2c4708,0x7ff90b2c4718
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10711932907254003136,10828369264406070211,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea9ef805116c4ab90b5800c7cd94ab71

SHA1
eb9c7b8922c8ef79eef1009ab7f530bb57fbbbea

SHA256
bff3e3629de76b8b8dd001c3d8fb986e841c392dfe1982081751b92f5bd567b0

SHA512
8c907d2616ce16cfe08ddeb632f93402e765c5d9430a46e90ab5ea32d4df0a854c6007b19f9b0168254ab7aadf720fed8c68d1a055704db09c1b36c201a9b3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
347755403306a2694773b0c232d3ab2c

SHA1
94d908aa90533fcaef3f1eb5aa93fee183d5f6ac

SHA256
d43f2dd4ac5b6ba779100eb8b84bc92fc8700bedcd339a801c5260b1bb3ce3bf

SHA512
98f1fb18bc34dfc224132dfa2a2e6a131b280b25fcb516fac3bb66da2a47c7a7061124881de6fa5f65602663dc0ea71357b171a3346bb1514176943438322253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c609a52a7d7bdbd0ffd4017ff8a0b0b

SHA1
3c0d23362c681f0439e33918b9d92667a03a2916

SHA256
9225e1f3528dd484424634d9097249a7f946878ae1eb5a85095e40b029d73082

SHA512
bad35f92abde0cb516696c7e4e5d0cdcb14a4a3066e494dff61bf4bfeb33f20e2eba67adc91890d1c35aaab102d9ee902c7ddcc3208fa688a81e3d1f7b7f1c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2896def5172cdf31326fdd7d4758a543

SHA1
596184abe8c9ae050516c2e82c8d7eca0bf89a5a

SHA256
6424931870ea6f9bd76a42f29faf689bdf7eb58a3d9e001d6520033846ce6859

SHA512
02312c46bf3b1ddc6450968409884354bbaa0f07e5eefa4f0f6a266386e9cbab4249af73fb69b3f39454218900431287cf7b55d8e33a97ccf5d2526dc1a0dc80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
438900fd6e9c9ca71adbf51887de1ec5

SHA1
51fd342f06704991aa9f89955b568d6d3b321611

SHA256
0f628c5b7c3ac11f3d9c16cdd58a11384896c7cf5a5f626ec3a6c64a8fe5a474

SHA512
e11657e943c4e9e7dade5d332e021d13b0937850cf99019c73201e7113c8051adbda204d88b633ae97a93857e3513350985ae2f8cc06e997fcbc020efd53dda0

Download Submit