808cba0bff225becdab96b785e19c33ee9f0222cc9a5fa34a3db1d8e34c692e4

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0e2bd382898813785faeb6723e0deb8_JaffaCakes118.html
Size

21KB
MD5

a0e2bd382898813785faeb6723e0deb8
SHA1

26f34dbf849c0adf489d6ea1f955015cdf328152
SHA256

808cba0bff225becdab96b785e19c33ee9f0222cc9a5fa34a3db1d8e34c692e4
SHA512

6c08e92f0c59247e7f2254b20b5605aa44e752647232a98c02a9a3fd94409b486d7a76e8a94b38e84681d14dbee1b93a0cbd8d5c391bb3b80b8488cbef7c3fa4
SSDEEP

384:K+uKZUZgXfT0/eUphSo3S0Osy8FXuY3L543O08gMWKX+Gk+eJNpeHmNrv+:OKC602+hrNed7DeHmNrv+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
3360	msedge.exe
3360	msedge.exe
720	identity_helper.exe
720	identity_helper.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 4904	3360	msedge.exe	84
PID 3360 wrote to memory of 4904	3360	msedge.exe	84
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 2160	3360	msedge.exe	85
PID 3360 wrote to memory of 1860	3360	msedge.exe	86
PID 3360 wrote to memory of 1860	3360	msedge.exe	86
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87
PID 3360 wrote to memory of 2684	3360	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a0e2bd382898813785faeb6723e0deb8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90e9546f8,0x7ff90e954708,0x7ff90e954718
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10442185889290244929,17622903615291473594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
189B

MD5
e6b4437c00b13b9482c3d0fb10c937c0

SHA1
3bc5cdcf191888ca9f70c03bee3fa6517d4d00ed

SHA256
465b6d8954d96f2605bd1197dc226827ad5b8a5dd67c5fa4928491145da420fb

SHA512
b531dae3a328b9fed6830c5360a0f63fcfdf2443d8eb1a31e69970417d5c5967131810f213b7bdc236efac62b95777124d853b54a028bc613bdc581d2a60897c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91fa58b9caeca81547df6e05bf0e4eb8

SHA1
d9876d7f75b88ae38bbae4db323b0cf489dd169b

SHA256
5c6ea8f5968b8ce6de8a9df75548b3f8d83b53744938707d5d7d7be9d167ce04

SHA512
144cb47e7f1bda9660a6e4b34df98995578b6619e8f5712b6a5688bd5e2b786be608289dea45672bfdfe72fc386e1c7a50b446a0b0a0577a61a3673af81e5015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7decf635e9185447d75a4836658d6d31

SHA1
ea06515c7b11d7e62a56b1a322236d0f1a800ffa

SHA256
f69c1f885664296ac82395f741f9fbfa5ff4fea164563aeaf173549a25eea42b

SHA512
10ca3392946c0974115865fc97d35e123dde46326458fe9085845eac4344904b16772437ef2359fcd979c3c604dbc45a1e28b841b3774fe2271ff89fdb8ba3cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2c248189f56f5bac417c75b03662827

SHA1
4bad41737abb0a2a22b129f09fb356446d66ea6e

SHA256
4b17646376d1382a412b8f70e9e13d75fd73806f92d0896951d197f3dad7d82c

SHA512
d353e6e1276e2ea6f282abcccf405e69aaa85468f3a179c8c589bf36351a9abcf6e401e04e46edac7f4c248d45f6d7887bef8e46e25a0fe0fba06f9e8cbc8240

Download Submit