dbd72455610793d55c9a70682d81ca037a99d20869f4f94768329ce6a1a2bf68

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8369c26ada126fb06b3427d1e91714f6_JaffaCakes118.html
Size

91KB
MD5

8369c26ada126fb06b3427d1e91714f6
SHA1

0ba74ded62823d0cc2d11912284f72e668feb2d9
SHA256

dbd72455610793d55c9a70682d81ca037a99d20869f4f94768329ce6a1a2bf68
SHA512

c59147536d14a38c93dca040507a64da7d6a314db025f8edd49511e9b805f5a2f440e03cc38c783ee544142a00a8cd7e046508c7b68153ef29183ab97198fc21
SSDEEP

1536:Y0Ksunh+PkA0rmjLit5pP/FGZa0ILLCiF0JJHiGZdqyB5NXCqlt+Vc7Uw0Q8OgjL:Kfh+PkA0rmja4ZPDiFbGZdqyLNyoYcVW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
3044	msedge.exe
3044	msedge.exe
620	identity_helper.exe
620	identity_helper.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2904	3044	msedge.exe	83
PID 3044 wrote to memory of 2904	3044	msedge.exe	83
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 3516	3044	msedge.exe	84
PID 3044 wrote to memory of 1776	3044	msedge.exe	85
PID 3044 wrote to memory of 1776	3044	msedge.exe	85
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86
PID 3044 wrote to memory of 3892	3044	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8369c26ada126fb06b3427d1e91714f6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff996ff46f8,0x7ff996ff4708,0x7ff996ff4718
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5837012742302314904,6501792131092602663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
506e03d65052f54028056da258af8ae6

SHA1
c960e67d09834d528e12e062302a97c26e317d0e

SHA256
b26d2695dfe8aed4d0d67d11b46d4542c3c9c8964533404dfe32ce7a3e6cfb98

SHA512
15da55267433c41febebbe48983023293c6d436f89a56138cef1cea7deb5cdd7d4bcf58af12835e1152a8ec59e08cfc965e521eb54eed47fe44e1f4c2d1557a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a15dea0d79ea8ba114ad8141d7d10563

SHA1
9b730b2d809d4adef7e8b68660a05ac95b5b8478

SHA256
0c4dd77399040b8c38d41b77137861002ef209c79b486f7bbdb57b5834cd8dbf

SHA512
810fc1fb12bceae4ca3fad2a277682c2c56f0af91a329048adbeb433715b1f707927274e3e4a4479222f578e8218663533440c71b22c49735a290f907cc0af1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe2b84de753bda6fd2ba045a619efa2f

SHA1
a2a811a0434621f7b36ce142bf5a29352d704c09

SHA256
9ccc39db25b84b98dc274cb9d13bda9170e222cb47c20da80da5954229df2d4a

SHA512
94001a43516243223189e4caf467a4a4fdef1920ca1199cf1817d46e0aff684fe06da88ffc900b4abf6da45cb17927ac53cf401275af92e09a8996d82fc16295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80d33c20da7680efd6a048ba47dffd34

SHA1
10fddf64ec235169042b7c95fece1a9c691fcf62

SHA256
c55a5b962a8b6d7a04cb8f1feea3898c30eeb41417e292f443c2ea81a8cd22da

SHA512
3f46065c5a80d42a7e2ec3158848a9322099eb482d60a3750b4df9f43f0cbf54b76a7249909fb36f33fa22684501bd09c0adf68aaf5375b3225d574eeffcee0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
13977217ad11352115d806036d00856e

SHA1
d29b4b9141a2785cb0ddb1114522fd545fe8266d

SHA256
dfb7e241541c0d9bb629a151282355afc6d0efa669f07888aeabdb09511e0fe5

SHA512
e859938554d68450a6a0568c0a369fcc0cd94ea393a6551034c20615c7dca74100859294391991d8dd8aae72e395d24340979e555a5ca41b9ae33e0e5c8bd471

Download Submit