7d2013aa575e2a8493e059297ef8f61de12bab5c5633819b3162bdaa352ad31c

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac008b28229e984df977df6a977ad8de_JaffaCakes118.html
Size

46KB
MD5

ac008b28229e984df977df6a977ad8de
SHA1

c48e51e90cb5a8dadf6024c88c1fa05a233dec8d
SHA256

7d2013aa575e2a8493e059297ef8f61de12bab5c5633819b3162bdaa352ad31c
SHA512

e9949f587240928aab7718ebfdb52b2b8f14b96acde1d4da894ac7e3dce7e09c3f92bb44f36113ef55685ad7a696c1b6d7ead3b0bee4f9de0268d41a9b1a4883
SSDEEP

768:rF2okxc0BYUHzXw0zFyevVDN7eHlGzwP2vtkrP4QAoWQqFbXr32G0:rF2Txc0BYUHzXrFyevVdeHl4wP2vtkrf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
1288	msedge.exe
1288	msedge.exe
3204	identity_helper.exe
3204	identity_helper.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 2932	1288	msedge.exe	84
PID 1288 wrote to memory of 2932	1288	msedge.exe	84
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 5020	1288	msedge.exe	85
PID 1288 wrote to memory of 2260	1288	msedge.exe	86
PID 1288 wrote to memory of 2260	1288	msedge.exe	86
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87
PID 1288 wrote to memory of 708	1288	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ac008b28229e984df977df6a977ad8de_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe4,0x100,0x104,0xd8,0x108,0x7fff540d46f8,0x7fff540d4708,0x7fff540d4718
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1496 /prefetch:8
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4360033996497216917,18262443675451872878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
260B

MD5
f9e3ac181b2429449b2fef1717a33368

SHA1
bbe317b22f8cb054c3f24fe04f6cb905fc932be3

SHA256
8d457b7f32dc2854940eb01e02be1183fbc80029d06402db14d21aa2be534ca3

SHA512
233b97b623e58f82a7145a70ec304f3d59e0e8e028962130f1f079c5c162f2c2ab977977fb9bdc4e04cbb5fb828cac3b51a64b7aadd2a14dac0717350747a8be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
594f8d5a126718d2922793583bcc8938

SHA1
293566abbb4273c393c212b737d33422ea77da1e

SHA256
89c61cd67865f61e5bcdd4c0c29d1c7c11f283ef5f42413c4b0743dbbe044183

SHA512
c2364bafe950594b84d562c650e0fa2457f381a4b3f588eb519fe9f4dd5afe3b05375dc90980d441024e9ba9fe9f36aa905fc8e1f741e2467fc81dbb45170350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89b182d19fcdb7a1dda03698e6153849

SHA1
30e2c44fa87a3b1346094fbaad9378a5dc0d6e92

SHA256
5ee5604a56b190bd58b4b15234afcd18e069ea0713b2649eec230bcb03cadd88

SHA512
3c2819390638498d49174e27c681107612b21c127a61c5d6d9fd36720c901b7ac9ab0d8675a5f28e3f7561870f45822232db41b59b776b8c481ff2c8238ef749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4229eb262ccdc5aa36ef66e3f483275b

SHA1
e8a68303b992165d1463970fcc2edd3adb1eb160

SHA256
3c942d3b1924f42e791606e8c59276f4f5eaf41798f460819bf34e3b8eff5dbc

SHA512
74b44a4af2555985d48cd523c632d8cc2a784849b4d16fa759515c2cc3a4fc59ab2b58b583f31a8a30b99423b5694862b2908f6a29ac0d1bd27d6d0a2830cb85

Download Submit