2676a4e0375869ea4505783da98717df11d64174c7f1dc81367172f87d2735ec

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bc901780ac1126d7b2fa98664b008f8_JaffaCakes118.html
Size

22KB
MD5

8bc901780ac1126d7b2fa98664b008f8
SHA1

f210ba49b9c76ff8349cdb714c6aea0dfcc51374
SHA256

2676a4e0375869ea4505783da98717df11d64174c7f1dc81367172f87d2735ec
SHA512

7c9a7ef5838bd813a731f8645ef01759f6835635231fbebb108c7151139980b4825c1bfdfcb9933de427447cb7c5197d7a06732a4f91d80e67a0038785f04b92
SSDEEP

384:1u70NWroIUxC8PUZuzH796xnyeAnZojKrLnyF+SJEztnyB2DMBZaIzhnl7JRKafc:1hNWUx5x+QZ1B9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
3356	msedge.exe
3356	msedge.exe
2464	identity_helper.exe
2464	identity_helper.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 2448	3356	msedge.exe	84
PID 3356 wrote to memory of 2448	3356	msedge.exe	84
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 3228	3356	msedge.exe	85
PID 3356 wrote to memory of 2724	3356	msedge.exe	86
PID 3356 wrote to memory of 2724	3356	msedge.exe	86
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87
PID 3356 wrote to memory of 1132	3356	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8bc901780ac1126d7b2fa98664b008f8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0x40,0x114,0x7ff9023646f8,0x7ff902364708,0x7ff902364718
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2254572044487587735,3170723189661564714,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
523B

MD5
06ae1028f93fcbc03a5fd089e1b2e35e

SHA1
58051bef24664377fe694f8aa7aefc3aa5b3bd75

SHA256
f0b367df01543e85f2fa45606d740bb5002e831f5ab01dedb8e87cc944beb6ca

SHA512
78dc418a11d42ca4faa029aa7ddbc7592206cd2b733dede96be0fe4ee58eca2bdcf7c77871661e3f4687f412c887a2e7e3ae7aaf3363fee9ca216a1b1259b23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c57aeae78f32e16f1070ed1dcac846e2

SHA1
398e8da4178255678ad6f129e4c983526adfd0ce

SHA256
04f5fdeda27b779b87a02f298c01a37c3e610f0f85e5fcc15f862f3cdb5dffe9

SHA512
8981fdb908e3a61fdc2aec494342981a84ba7934ed6e2d5bedafa6b66870e3f892dd43c8971f139ddb6b7bad71fe8f0223c869d3c0c9a8975cb38407202cecd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ecf472c9f669dcbcecfb5e7559f30e72

SHA1
ed87d85978eb8a5f6a9940382a415d92c5a0cae0

SHA256
0239fb8e9fce84d0d7aaf0f9987f3a9181d06e18d66af31a0338a40cf6e8c6b8

SHA512
1372a06448ef5933dadcf41dea76ad8e9e101dedc4e6e279a6d0c52836b45f2cf37e292c89eff40d943a40b8ed64134db069ba03e2167e0274ef88ecf3dadedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1940edb6f9da782916a1b60dc0000e42

SHA1
f4f10840717d60d2f782aef35e0ca1e41d358742

SHA256
3ff5db92e1922a32e663c0fa49007ab49a5563d3bfd39f46ce62760cd99b3b3c

SHA512
afefe9479a2dd6dd9b4bd89239b8c8b275b414029f7d2a8b820194e8ff3fd7448e5ca42340d4b5d5de5fad92c0c8cedb4d5cf77e5b98a4225a7be61103580ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ba92c236b7a7240cb484eb7ef562c515

SHA1
4ff9969f4c3ba6e34c3508262d4965d5751ed12e

SHA256
9ef66b0bcb93ed40eb069aec7776fa5f4ed970251fc507d2e60b3505ced74ddf

SHA512
86410c4b55ed555fd52c2076cb6d8ff3dbacc6452bff3cf9592f160a270a0de0e01c6d6c493033517b374a61ef5c38478bbaa55bf378e37c5949a9243156463b

Download Submit