d08348782457fdcf92130fd672106aa538090241de75c00afadb173fb9cba1bb

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

831a959cb63393fc2187966df2ff2bf6_JaffaCakes118.html
Size

53KB
MD5

831a959cb63393fc2187966df2ff2bf6
SHA1

b583752fc748b297d6464a37771cf0574cfe8b57
SHA256

d08348782457fdcf92130fd672106aa538090241de75c00afadb173fb9cba1bb
SHA512

f8827e92ca94425e452f2547f8b60dcf8493694a0ab8b74587a3fb94571eeb1ec0c3d8583f81daff8f62b6da9c747489cd6d961792a7e1025715c41a5c335483
SSDEEP

1536:CkgUiIakTqGivi+PyUBrunlYb63Nj+q5VyvR0w2AzTICbboo4/t9M/dNwIUTDmD1:CkgUiIakTqGivi+PyUBrunlYb63Nj+qm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3012	msedge.exe
3012	msedge.exe
1900	msedge.exe
1900	msedge.exe
4420	identity_helper.exe
4420	identity_helper.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2664	1900	msedge.exe	83
PID 1900 wrote to memory of 2664	1900	msedge.exe	83
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 2304	1900	msedge.exe	84
PID 1900 wrote to memory of 3012	1900	msedge.exe	85
PID 1900 wrote to memory of 3012	1900	msedge.exe	85
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86
PID 1900 wrote to memory of 2004	1900	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\831a959cb63393fc2187966df2ff2bf6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84b5646f8,0x7ff84b564708,0x7ff84b564718
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8756329620387755734,14925135748579752146,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea9ef805116c4ab90b5800c7cd94ab71

SHA1
eb9c7b8922c8ef79eef1009ab7f530bb57fbbbea

SHA256
bff3e3629de76b8b8dd001c3d8fb986e841c392dfe1982081751b92f5bd567b0

SHA512
8c907d2616ce16cfe08ddeb632f93402e765c5d9430a46e90ab5ea32d4df0a854c6007b19f9b0168254ab7aadf720fed8c68d1a055704db09c1b36c201a9b3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
347755403306a2694773b0c232d3ab2c

SHA1
94d908aa90533fcaef3f1eb5aa93fee183d5f6ac

SHA256
d43f2dd4ac5b6ba779100eb8b84bc92fc8700bedcd339a801c5260b1bb3ce3bf

SHA512
98f1fb18bc34dfc224132dfa2a2e6a131b280b25fcb516fac3bb66da2a47c7a7061124881de6fa5f65602663dc0ea71357b171a3346bb1514176943438322253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
403B

MD5
b4ffb30c600d12922af300ba04dfa7e9

SHA1
1d3df5e8ac5afd5717b74106995643cdb83aa4db

SHA256
8a50f955af458a394ab7df489f68f2754008370245de283c998e2eb00015994c

SHA512
ca4667fe760d7e8f35e34a46b44426e0819459aed386a17d39867b82aa35cdba05e65f39fd10cb8e445b55539c7a69de2be714fff32bcdf11a217c99db6a2d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88d137171a7348228e1832c9cd71418b

SHA1
5427fed54c06454bbd2c48713ba71245e7edcbe3

SHA256
52aaa5d6cd2fb702e7ef2ff9c90629db29fe4c5d2df723a2cb322ecc4fea6b01

SHA512
b6d0d9aeaaa85bc7048164a9ec1e37e1f71f0842a62e0a1491c17d2d68e6be43d3c327594f34c2c4945e08ce1d7cb7ce623e39664ca11b3dd2ad2338a8148e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46fcd403961b398013a51cf17db69eba

SHA1
3983077aefc8b537254be71a3b21aec8dea47a26

SHA256
bc2f22c8d0f26d0ecc3efcf00d066aea67a3f400df52abcc4870671f04a0e974

SHA512
01837af1f6525266e62018bd47d0f8fb24154b58375d85275a2309e37bc25ecfffed3c7d2690ce9ed42e5f3e0f4d6915d9a4baafefb2d3c1c390e1c1730d5709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26a233ac08a4188ae3918de54a2d8641

SHA1
0a6e307c04cb3b380d2ddaa194838a41c6911fd4

SHA256
9b5372f54b04144982831f2357aebc9c5833045b5684e9eeac23a83059a1b7be

SHA512
c8c24ee4508e3958d0d8906fc34ec5ebfab00f2e938e2f56d2d12de00ab718f1ed5f85081063fb373c5249142ea5dc76d1395be43ffe2377cee53a6e42349356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c01494f8d976f7faafcab123a1944e39

SHA1
bd10758bc31efa698a563d34c5422d76aee9e050

SHA256
54818647d63a1cb6d6abf3657c0bb39176d94c34795947ab6f14bfebb70c7836

SHA512
98abfae61a86b9b0aa0e91402ddba83d6f71af2510edf76a73e15df6e8002460ae7abe114956398ed60aafc768f3779ecfd45cfc845b72d163cc0e66183f87db

Download Submit