e6017f6323e77e0b4b73a5414a6ba696366520830b94d80965843276f7fc5ec8

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4d128d60c84f4de4484ad78a561b511_JaffaCakes118.html
Size

26KB
MD5

a4d128d60c84f4de4484ad78a561b511
SHA1

a80a254341cf84a1b961e5d823adee11f1fd550b
SHA256

e6017f6323e77e0b4b73a5414a6ba696366520830b94d80965843276f7fc5ec8
SHA512

a54ab28aabba67bcf52173c4c5918303e80db06c1a8e769ed151583c5c76fa08199e1af0ed3f8fb73c59933c64362339ec41c967464f8a658f4c046884eccb52
SSDEEP

768:jS+YhqD4D9mLAHj37Y4BW7OxMNWdjXMGMe:F3AD37Y4BGQM4djie

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
5056	msedge.exe
5056	msedge.exe
2068	identity_helper.exe
2068	identity_helper.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 4476	5056	msedge.exe	84
PID 5056 wrote to memory of 4476	5056	msedge.exe	84
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1144	5056	msedge.exe	85
PID 5056 wrote to memory of 1440	5056	msedge.exe	86
PID 5056 wrote to memory of 1440	5056	msedge.exe	86
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87
PID 5056 wrote to memory of 4944	5056	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d128d60c84f4de4484ad78a561b511_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e0d346f8,0x7ff8e0d34708,0x7ff8e0d34718
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5156219067324166637,7297781473517117903,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
187B

MD5
84a802429b2c06b02f318c9cf4b8cf90

SHA1
317d4d8781459bd54828d0c03b83182c114b7ce4

SHA256
2bcab4df93734710c7252187dab269490c702c51a48122e2dea0d53cf9cf87b9

SHA512
fa4aa8d86698e76d4ecddaac368a50dde21a043bd2520737102f647140d1e61ded57005896b268765a9307e2fee27ce47064e166823ae12cc9375f7ff8869d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3e8b4861d035d25703842096d8469c7

SHA1
e7cee78046b8096588ca20a2a75629210ee4a3ab

SHA256
778416f44b57b572cc97e45b617e9f8fa5f441909709ff4ea8aea06935deed26

SHA512
12dcd9e98f8fee10c7d87dd98a1a68b01febf86e5ed5db73ae34a01675d7015493a8a76f79f2ed055ee923697aeda64e895f7f3b995865924422c358e646a95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ccfb8f2d5bd113346dd078ce67726a7

SHA1
84a6f5915f122f128ea0847edd53621d2d8fa42c

SHA256
06c5c43b86bcd0a3044008095f50c5f624abd951c6a632455e207dbe16471d7f

SHA512
781b6488d4b5e957cc8aaf4c0f3551f24c3c437586a4818720d73e55404c53db0676755ab4394bf3e988785223c5b9fbe6fc2176337b2c1ff0c382fdd55152b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5de33799a0d34f7f30f0360221215928

SHA1
29af846d1695ff7b96de463c31bb260d01b6a84b

SHA256
b984a1e1894331f71b6382326f0c4db07d02a7fa816fd658c96834750a4a448c

SHA512
4bb94d4a2453d8aba03a1b29cec49260ea23ce269e162d9c23d9478bba1dab3e19c4678ed927dc12e0141d37c20516ff644595f9b00ffa9b76f37a5b8c7f427d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b3373ae0e887d8a383c016dea8772029

SHA1
38f2811297a7d7e6c799c95dee622e7166f934b6

SHA256
8fab63e8209e9bc4b5a85804c6943a3cbb684f965173c5b1a0e0cc963294976d

SHA512
76967be46e022e661cf76aea4cb1ba1ca8e0945d2c6bbe09753c17a3df6feaf3efdccb8ccc32f28ce5beb72b0cc551d3dc600870488e8e8e35056baf7c9be998

Download Submit