6175fb4f3647a87fecc6428fa2ae1b84ba31e9c22d39e49bae09367b2a882e59

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 16:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b1f21d6e12f89f0dae01a83593866f8_JaffaCakes118.html
Size

56KB
MD5

8b1f21d6e12f89f0dae01a83593866f8
SHA1

692b5cd61e1493846258424b85170a38437fa557
SHA256

6175fb4f3647a87fecc6428fa2ae1b84ba31e9c22d39e49bae09367b2a882e59
SHA512

9649ad66af1938bb6a09d93247f700b369bad84b0628a431403947f62684f277384b4074a7f27f46518f0d091014c83e9a16976ecdccd11214c88cb96d6f5b76
SSDEEP

384:Lop0hzq1o1MryobEdsc5dk3/aVzXtW04JAhAEaSknNjHMy5EqoB9XD9wuAuV3N:BQ1NryoQvcAqE1YHWFx/AG

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
436	msedge.exe
436	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
3408	identity_helper.exe
3408	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 652	436	msedge.exe	84
PID 436 wrote to memory of 652	436	msedge.exe	84
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 1332	436	msedge.exe	85
PID 436 wrote to memory of 4108	436	msedge.exe	86
PID 436 wrote to memory of 4108	436	msedge.exe	86
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87
PID 436 wrote to memory of 3112	436	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b1f21d6e12f89f0dae01a83593866f8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdeab346f8,0x7ffdeab34708,0x7ffdeab34718
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4870007956625821581,12068948953296839228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
470B

MD5
8943225a6c45247b90722e53fce1ab5d

SHA1
10d478f3f8941d4784e6e6e02a7dfc438bda32ca

SHA256
1b7978d3487cc1169d154ba68dac4cf9ca916c8fd4e10563c2ca856d3214f692

SHA512
4d2c44fd30df6d2981fafe4519c17d50446a5996d4086e601e0b8404d4c76e716c96c7897866fbc83d9615885e5f1d29c040038887172bca5ebf93b3d072d948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6828a98c729c73952cf8db08e2b673f2

SHA1
5634ad2cdaf2f9ff8c919e94bc699a47c4d39a8b

SHA256
6cc9d2cb7945c97e41d72440d2ac05087755c741f5beb87e6788acef5c900e67

SHA512
d96b21a00860703096e398359a3a7c6204d89ed4151d47776ffde9f0294606cd520fa7d4980416ad08ce583ce1345a0225efdf9f810d6fa14b3ea9b8a8e36521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f08e71d8d0d1d08452fd407d84440c1

SHA1
2e440d4405179980ebde571379e7263f93318a17

SHA256
76302c1257156ea306ef14a2c8171d705b459649739115fd3258cd1f83ca3092

SHA512
062de76ac5a355bc3dc8a159db7a388fb0a5ffd51cb40d9cb2fca0eaf3cafb11e02798982ee67b20655e64e77e2c65cdf81db448446f15dc9cdd8c6d53448043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed0993b50d7440dcf5e5ca8196aea5fd

SHA1
0f5c23d1f23ddd7bad99b5e926cc50b1fb666920

SHA256
b32fe745069d3e94e07dedaa61b3b23e5d3141a0bdec01e8b94a2d6762bdec0a

SHA512
0db4b839a1ea1f05c43ca9699979fbc5fa59793288549bbe18c062fe78b469e2f577bc4ed27b4ce3363c3938aa0211a35ee887ac1725d76d4b4cf902f7df07cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
067de9a444e0f538f6bd8e57c4f13fee

SHA1
3b25bed218350174d9b25564114a1d34d8a6a2ee

SHA256
02248b9dacab3c652e0e1493984837f38cd10e889ca3b458e17025ed93d9c1e8

SHA512
6760e37ffb40e1c5749340ddd1ea959f38728d0cf921701d4193d3b347e4e42e48abee3914fbe9ff6a52a3433c037a174cb16f636e6c5bb70b48042310e8a392

Download Submit