091c03e284a86644426954e190974514786f31c428654adfef2b78f79a53164b

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 09:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a62f75282700b4913814490f93d177fa_JaffaCakes118.html
Size

217KB
MD5

a62f75282700b4913814490f93d177fa
SHA1

17526a58f42d55c690e31ce0ff15c6e57a7bea02
SHA256

091c03e284a86644426954e190974514786f31c428654adfef2b78f79a53164b
SHA512

040e6bd627d9373d176195c5407a4026f3c27a24df380ef3fec36595ed21c2f11288f5d70823d5b47c90f7b8ecb129a52e549e4a67a40aa22912eb204c77f401
SSDEEP

3072:338ucIAfwKH/KEsYWfwuLPC0VISuB5r4CyOHPaogLRZPvTTv:338ucVwKH/JsjPCSD6xApo+x

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
2984	msedge.exe
2984	msedge.exe
4852	identity_helper.exe
4852	identity_helper.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 3052	2984	msedge.exe	84
PID 2984 wrote to memory of 3052	2984	msedge.exe	84
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 2544	2984	msedge.exe	85
PID 2984 wrote to memory of 740	2984	msedge.exe	86
PID 2984 wrote to memory of 740	2984	msedge.exe	86
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87
PID 2984 wrote to memory of 952	2984	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a62f75282700b4913814490f93d177fa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0a7546f8,0x7ffa0a754708,0x7ffa0a754718
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,238829181677198040,6385218653633162425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
883B

MD5
e0d85a5c9fe9da2d3f1f3f8230a631b2

SHA1
0b0f5a85bac614ba6e08ae6caac93988777a3894

SHA256
61f15c81d33beb27ecddb0fd15dbd88bb3cfc11ee70f562b71473c393052b3c1

SHA512
5c5054c0278722b4cfb9c3f412ccf686f8603cf01ea993b148ad331f7d7eaddb270aa762580e6e719e4f8665edfa695246607fe6bbda3ae86cb49265aa513cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
80d3f6e2ca24d8ec7520df6c55aa3798

SHA1
8240986d278797ac83a0033ee3fe0f898e46c8ec

SHA256
77a9f1a3a1ff9ea31b8df092dc8aef20c37694ee6b8be6cd43dc515dce26e6ca

SHA512
acea6a11891f094b0abb3f69c8a16292a8772053f5743fda5c1b0f02f17c28d3ed906cf849db2b77652bb9568681ae1ee9882b7ea19fbd6bdb55266e32ff3eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5d3493b1d1c36d47f73abf2472ad53f

SHA1
036d848dcc72f507d8de9655279243d110968e75

SHA256
a447385148f02abfd087d96956bba91ce44223908019528dd3fb4a99c5800496

SHA512
c3aaf04c328ddfdb92ff4d880715e6f4eba52f8cac4b3de8c22195d54fe83287ce5ebc7fb8e5e04a75e53d4ea8b5e960621fb23cd303ca9f1f26aae05a2ea25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97fce8dc1850a798c16197c79a81ea5a

SHA1
66ad5db0d673b6e66de2a0f603c3b508aa0fab7c

SHA256
8ac866706d77aa588144f664d5d737173fa55d086e0b3d310a6a53b59de34bc4

SHA512
d2da8f1e34b06c9945cc46d885d00a46b8876b1dc6b747d5ced406ac9c48f3f8853877dd34f4327bc784616e38ec0fbb7fc00a6c6ef7303bcca8520c971f27ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5807d294d0f9c8efdb2e71c30a1f2c9a

SHA1
747eca38ad784917ae930d4676ad929f84cffc63

SHA256
a53c80d7ed09ab04eec61900ec052964a446fb1e5504d1278f6601612d7991dd

SHA512
d3c1edc76351328e201cce5d0db93a4b2ba792ffee58ca20ac0253c8f4d47396fbbe65ad66068b485a732e646c6d8fc52d411188a821bb64cc6e833b73eb7d17

Download Submit