a5740fa6d8fd1479fd6160d28ed1bd42caf9dd6ba6c14113b93d8db102d65e7c

Analysis

max time kernel
136s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0f07a77db494d4d335294e77593a023_JaffaCakes118.html
Size

99KB
MD5

a0f07a77db494d4d335294e77593a023
SHA1

d721ece588efa1c640708165b602ba84817ce991
SHA256

a5740fa6d8fd1479fd6160d28ed1bd42caf9dd6ba6c14113b93d8db102d65e7c
SHA512

036887b5c1cd40cdd0d52450634feb3b1465895301c268b3f12e20a8ca65a20c56fa4753ad71b90ae803c269e0f7b693a2dc70de29b8fa1273ef262e27d2327d
SSDEEP

384:q0oVoUaIcyuwyZga49xGJFkG8BX0JRmn5FzpQzQiCQUQDUwBucjBovFkGVre8tOp:boXajrwy14Bni8W9TEOOgGuGN5c

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
3792	identity_helper.exe
3792	identity_helper.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 4580	4952	msedge.exe	84
PID 4952 wrote to memory of 4580	4952	msedge.exe	84
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 5052	4952	msedge.exe	85
PID 4952 wrote to memory of 4500	4952	msedge.exe	86
PID 4952 wrote to memory of 4500	4952	msedge.exe	86
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87
PID 4952 wrote to memory of 3080	4952	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a0f07a77db494d4d335294e77593a023_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbe2f46f8,0x7ffdbe2f4708,0x7ffdbe2f4718
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11009808190619600450,4054554172080195236,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6c0fec61-6ebd-42f0-bcad-6dd903118914.tmp

Filesize
6KB

MD5
1f4e8e4dffcfb70350db69842c5bac9f

SHA1
8048f400336666766f570669ee6758bcd4e23b8e

SHA256
73bd54330e26d33d45c1f73f1720f1805058abf2e7512a4b67225a0abe89acc8

SHA512
bd8655cd74b268e7d3e93c8e9e98a3745e40f2ffff9f060fb3b0a0d3426cf4c1df84acee74fe0f8084f89b30583eab6d50bb220e1fc9e9ac7cca495dd0920f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
191B

MD5
3d823e473f3db4cb474399e2670fd8d2

SHA1
9718dac516b3d5aebc3fb0dc0c0f3ec222c07b11

SHA256
0a24c6f18f8d4dcb9f1b4dc2f8c5e4cae7ab4c5266a70721d4159447bf089209

SHA512
2367cbebe89da4f3f8f06fea13d851503e0724f26e7258c6b06e2f293e0d1f8d3d3e7347c513244cfb3bb4a885cd896998df75837f432d3b5d03138042b8568e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c244f48fa746ca1c27c15ac66fba194c

SHA1
f4ec2bb258d11ae6f7e8de46ebaae21fcd123652

SHA256
c178272219927a6d7aca13684e3eaa4084a6b8f93b98c47c74be8a140cfa9b44

SHA512
936a2b8f0f7818a1575fa7b4c2a072e63123373e6308916bd5be03bef271464fbbd3dc3da95d501774479468f87a33192ee4eaa434f8cda03b91973435ef24fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67384c38669b5fbe162fbe7ed1aedc65

SHA1
40b827c4d13bd0ce48cc44e51553ac33f77a2274

SHA256
eee38d23663bdb9408f209bef9250afb1f6cb3296a6614c9924f09fb31b6398f

SHA512
5cef6f8e8d80498590c73b11e82279bb91c8bc6d8585b3155c68c8fc8f2ac48fd7bfd878af2cbf73ef8562874933aeaa6569394141444ac0b5683341086dc145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af21422b47c091e40fd8c0fa39771999

SHA1
e52a6ba3f2e150260b78e8f313f900c33cd77aa1

SHA256
be349ea602666976e68b02a117a4e9b8d91e44b26ad0d128c9d7ce4b65a16406

SHA512
9ad0a9b92be0d33658e516597994e8f054226d62b46ba0b200332da97842ae6cb30b54c964b810c2a5b80806787dcb6113e0ad25715df258c35e13de241236fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f2d72f55510a9e9bb968d4055a0e27e0

SHA1
1f47fb59d7b2399617dba0338fc5f09fe93a252a

SHA256
de1971f4ef2b6dc7b9727cf998cce93573c7458b2e489e0506aee379969c08ed

SHA512
506d6ddf184cdea764a1e45eb9d14911f1d944e9da6c3949a2a90d10a974b00dbd623c253a524a6db47b64c1ff407d53c8c6c556499a799021d6ca679ca9167b

Download Submit