8b9ca0638b62dd0fc94cf1779b648270a43906adeab67acba32de97660c91d47

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87160f8c4351aa3de05d642b5751d2a6_JaffaCakes118.html
Size

119KB
MD5

87160f8c4351aa3de05d642b5751d2a6
SHA1

7a73521c3483b9649be394cb29db0304ea55d05e
SHA256

8b9ca0638b62dd0fc94cf1779b648270a43906adeab67acba32de97660c91d47
SHA512

2c31e856407d190cf70708cbd503f9cbc854054e8095d3da106a4514992e1180fd36fbf826e61e345f2fb7dc9c5a87f9ab163eb1888f9735dead1be09b5554cf
SSDEEP

1536:fjvdKVqkyhI9vETP1sjok9IEiEXU7+E42RK8Dg+DE/Y2NEANEX9tcNVasf42bL:fjvC19vEJsS08Dg+4/YnoNVasf42bL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
2224	msedge.exe
2224	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2492	2224	msedge.exe	84
PID 2224 wrote to memory of 2492	2224	msedge.exe	84
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 3112	2224	msedge.exe	85
PID 2224 wrote to memory of 1172	2224	msedge.exe	86
PID 2224 wrote to memory of 1172	2224	msedge.exe	86
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87
PID 2224 wrote to memory of 1660	2224	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87160f8c4351aa3de05d642b5751d2a6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e3a546f8,0x7ff8e3a54708,0x7ff8e3a54718
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1488,9428054956732555238,9626877836767046016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,9428054956732555238,9626877836767046016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1488,9428054956732555238,9626877836767046016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,9428054956732555238,9626877836767046016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,9428054956732555238,9626877836767046016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,9428054956732555238,9626877836767046016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,9428054956732555238,9626877836767046016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,9428054956732555238,9626877836767046016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,9428054956732555238,9626877836767046016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1488,9428054956732555238,9626877836767046016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
73b4fd5ee301721ffed1d4f3863132f7

SHA1
82d5c39cd14b3aad9bc7c7c0ffaf604ef39bd00b

SHA256
078bbae7bd261cb80e7c14e90cca3551c3e727e8f936e128ebeab493c5811f5a

SHA512
0dc5fc7ea8e7ce2d9afae7b6a1c5421fb195119744b6492c36f6b55de8b95a2b3be12fb5bc81ca5f3b7ccfdf405119b02200d75474dd7fbffbbf16031414b06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c76945e05391564ac35d9b132490c1a2

SHA1
3cd582b0358e54b1421f3d3e8b99e00d2fd43a57

SHA256
d62c95142116ec0e7df5600768a3310fd64592a539afb4f799f269606118b6df

SHA512
f6c425e17208fc1c6f0ce2632a15167ea5a02fc3ba924ab9c1e327f844011ca943b5c59779467244e532d08537ad4d9c815add0c17a35bf77572fa6af6519a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
988B

MD5
328ef08fd57ec88d28b4ad31bd86d912

SHA1
5e5767ae5563e8b2152e750113788fd3f05360c7

SHA256
b8715fc8b5c71f7890e2cd029208e5e55856f4ea26e9e1db9baa7113801361d8

SHA512
84f4bf9714c5d0beec8058b18cc55a1b36bf8b5f778d34ef9252a360d4d00cfc579df882d231c65a9cd4099bbc17f30f244d72b6eb28976d7a43532280203c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d525acb0fa88f9b24aa1ed04e89e0840

SHA1
0d6778412977e71fe4109cda424b1d46483387d7

SHA256
22edb34e65bf8c871dd52bfbf9ff28368156bbfa448b1dbc97a824b940367fcb

SHA512
ed0a58264d1aadc92db30b275e90304b2a7270eacdd258af645211c2428906ebee303bb7b40c8991f409ea47bec89b572e54e1ccebba28369d9a4c5de72f0c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56fa0c5054d3e5b79208680ac7810464

SHA1
f637aff3ffba0db42c47bfb4c3fe47622062d586

SHA256
ab530651bfbb1d5ec2343da37ba56ef563d6fc37b48a51d4edd86b1c34efb0e9

SHA512
98015c83c30e45e3890af50745082985bf041f6f2507cf1232be371698a5dab1bf1ad9f9889facd15e3a7cba2608cf522435d716a9a8ab73f71836ff93de0f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2b63d033e0f9ccc85601a0c2265c3c8

SHA1
d036ec0104b7237bfcca17a05d8f61716b6c2a0c

SHA256
2b4aa829f45def70fc11d1e5419ff6ecc34a66f54f6fa3c9821151dd7ddc1474

SHA512
d21f0e21afb714ffc9aa071529e069b82b485df939d976998089a13a43c8ed8edc858d59789395862923f42b56e156754e1f0c51939d3e818c87d02eb1bdc140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c9c05388091e061e7cc3d5aefb55a16d

SHA1
670dce28ed6c341221e8e37a318f14b13a8fb2c8

SHA256
71991f124e1f4c12c494ad3da29f8edcc3890a8c1137140f6f1be0bcfc8e3724

SHA512
2e56fd526dc36f33297e26a09c599b916b2e081a38729f5c8f31b6c7a5e1a582ddac8a0ba4237526d016ad016a04f5b86b88e91a42a57cd0935e0d4b3d0fd050

Download Submit