353554b55106d53d88eed005531511aab5cf68e00a56d3b54b7af2d1affa2c32

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 01:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8cb470b30ea45064b11c36d43a61ed97_JaffaCakes118.html
Size

28KB
MD5

8cb470b30ea45064b11c36d43a61ed97
SHA1

f30325eaa24a54406fca218618085a368fcfab9b
SHA256

353554b55106d53d88eed005531511aab5cf68e00a56d3b54b7af2d1affa2c32
SHA512

96964b41b202140b5c7871cd3260cd2bbcd2b415698b493a074cb1e0f065f92670d8338505939bda6bfc04435c7a3cc2a5cf94cd0d165c57ca1505d2a7362dc2
SSDEEP

768:Ph2atw2s2XP2cXGV0r7FVWSo3Dd1H6Xuwj6Iawgz5F:P1tLJSiTKdAXJj6Iawgr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
2404	msedge.exe
2404	msedge.exe
4536	identity_helper.exe
4536	identity_helper.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 4776	2404	msedge.exe	84
PID 2404 wrote to memory of 4776	2404	msedge.exe	84
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 4780	2404	msedge.exe	85
PID 2404 wrote to memory of 208	2404	msedge.exe	86
PID 2404 wrote to memory of 208	2404	msedge.exe	86
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87
PID 2404 wrote to memory of 2228	2404	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8cb470b30ea45064b11c36d43a61ed97_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8ef146f8,0x7ffd8ef14708,0x7ffd8ef14718
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1002904866849366720,9831153170185440226,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4c48d7ad-23a2-4026-bb13-2608da490b78.tmp

Filesize
6KB

MD5
8a78e792906ed2c80e91cdad7d9f612d

SHA1
63f5c4339942741ca93032a016fab88305c0cd86

SHA256
12dd67048f4d0964c3877bcb0d1d2a67195a8e3ca1a77582cac2ae6765691259

SHA512
9efd02adbe036ed42e9b8d8bac03012e9ddc11b396b129c3d9d51edb05d9333d09c12013357f750d4620aa9cfaf82773a01e657e00889b3d3b418bc5db41059e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
313B

MD5
c4b11f81c5a6b114a2935abbf9ca20e5

SHA1
1127cacdf13aa4c2f8eb8cab1eaf241f0b5e5a01

SHA256
1e02f476b3791d8a23d0d6e41a2523651e58b1f63285cf794cb79047333e08f3

SHA512
e2f7859503613095bae175797b4d2cc3966f476fe401eb3c1833c5c535c958737bdf0dc1808c32078f46273952788e0b0ab796313200b6ea399195e05b67e247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae39d37e4dbe6308d7617dde15090d91

SHA1
601872fc5bf0ed786645b53fb135f80fb85be3cb

SHA256
110c3bb18ac5bdd9b607937f5df433f12deef0cb2ea8d13c97fefdef8a62cf70

SHA512
3dcc28064e167e344c622a4fa9d89c6f1d62d30502a46d9fe740971cd692148fb21644507baf5c547057661f8e45b8f870fed7c8852f94b0e84bcdc68d7b8f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cc6f91875cc02d6287899efc0c42d4a8

SHA1
4f1e8a1922e891861e917a3f368615dbe94df8e9

SHA256
b29e652343b8e98d54355ec30147e2515d3c62823e90144ecc0fd8cd13003b31

SHA512
dd0a513c1e1018871961f8ae0ae74dab086b50d1f126b47d52f6a2f33ae4caf59ce168ab5a030052f04752f8c838a0764a890af0947d6dbf0d58c5f51f9b8c42

Download Submit