19d16e229f4f1f1618361e5963cbf51c6deb6620698262dbbbdc3105d6c38cc7

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87366214fdd6ab22cc516ede79307efc_JaffaCakes118.html
Size

11KB
MD5

87366214fdd6ab22cc516ede79307efc
SHA1

e6f91b2604b6722408e8b0b6f9b8019ef561795f
SHA256

19d16e229f4f1f1618361e5963cbf51c6deb6620698262dbbbdc3105d6c38cc7
SHA512

5ed47fbb32187dcb56714b1a8ba365aed85017f5ab64d6e8aa6771e6cfcdf79969e26d33ac9c61c230468874cdec687e02717cc05b2b9385ec97b6edec5a327d
SSDEEP

192:2ValIsr0r57M4MxapT8IM/w1wvqVkt13auBuLbdU8d:salIcIQ4MxaBM/g83aguLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
1836	msedge.exe
1836	msedge.exe
2748	identity_helper.exe
2748	identity_helper.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 2736	1836	msedge.exe	84
PID 1836 wrote to memory of 2736	1836	msedge.exe	84
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3736	1836	msedge.exe	85
PID 1836 wrote to memory of 3968	1836	msedge.exe	86
PID 1836 wrote to memory of 3968	1836	msedge.exe	86
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87
PID 1836 wrote to memory of 3536	1836	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87366214fdd6ab22cc516ede79307efc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb752e46f8,0x7ffb752e4708,0x7ffb752e4718
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,11755101822045869133,11466049378577338443,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
01ac40918d3c270124a2b7a582640a05

SHA1
e28d33dba9257dca2bc711fb33b2c4b5eba867a9

SHA256
53d1e6e417bfa6a0ce95a3e8ba0e85cd88356b65542af968579ea2784df1af69

SHA512
56763f22c8edcb959d66e82817a00d14956367242a3fc0ce20de407b1ba2e67199689e7187462687d226b856e5db73c8e803a5427fd94246bdc4c14b274983eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c626ba28b7e606786d8686cd68e4f4b2

SHA1
3771ed19e40e925ca644e53cb60477258b516e4c

SHA256
a90b42da63d6699e28dcd6e39212f35c3614f6adbc5e3ccd5b1e59021e3adb44

SHA512
d8c2318b6d38c8dd41238b827e165581e8b6a224fb81884f489711c61e61d906797b1e06b84d98199773456c0300f4893ddfc1301d8c90a608b051fac90d9407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
632f69047565adac0a7794432d3f4af3

SHA1
47e046f7d0a16ecda5aa9098daaabaa3d94ca1ce

SHA256
0e4dbd68615ae3907d345190a510aa04c4e0c19b85c629e45afdea238e7d85aa

SHA512
0eb660720d48a794a185f487227632ce46d966528dd33128001b39b472be35f2555cf059085611146ef2371defea761d05b13dd624fee8b779443420d28e8b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f667361aad3518b0ccf7ce1100b8c7f7

SHA1
ce4b64d45268edfbf9688dc63afdc33a54e5f361

SHA256
9c55e68e19302d31760b0b8f0fcf3e61f65d9f5def45e26bb6314b036dd0587c

SHA512
fd671d176005c292bdd8f79afd9f2b60d6c2b14ffab30bfbc53a3e6f66d1ce212eb80c7d0fed963b655c598b965ef57c1cc0da15f8031ec5928ca46494674938

Download Submit