18d9cfc394699ce6a7e9a6a9f5c473c8d6e6a873e76cad2991761abb19476d3b

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb088eb6e72b7bb2a47939414e09a4e4_JaffaCakes118.html
Size

47KB
MD5

bb088eb6e72b7bb2a47939414e09a4e4
SHA1

52f3c1c3f04ae74a6e13aa4e09efd608f9bdc91f
SHA256

18d9cfc394699ce6a7e9a6a9f5c473c8d6e6a873e76cad2991761abb19476d3b
SHA512

9abc2fd5a499c1b2a6097efa5d0ff1cbabb07d5b5b335160e805396b35f03a9d31a86947a8ab606a13b53713b674301faa9d590a991500a02a53a8f6268d1969
SSDEEP

768:mSHSSStgoEbTsBp0MLO5LtyonDx4kXbPn2zBHxpU:mSHSSStgoEbTsBp0MLO5LtyonDVLPn2C

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
4716	msedge.exe
4716	msedge.exe
1860	identity_helper.exe
1860	identity_helper.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 1852	4716	msedge.exe	84
PID 4716 wrote to memory of 1852	4716	msedge.exe	84
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 912	4716	msedge.exe	85
PID 4716 wrote to memory of 3872	4716	msedge.exe	86
PID 4716 wrote to memory of 3872	4716	msedge.exe	86
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87
PID 4716 wrote to memory of 208	4716	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bb088eb6e72b7bb2a47939414e09a4e4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8f2946f8,0x7ffd8f294708,0x7ffd8f294718
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,18016236405747258279,15300696166546366328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
c29c401ad70127d82f9d3678a4eb6b0c

SHA1
4ba6786409ab2150881cc284415b4c100417509b

SHA256
707a3b8c72f7a0e28d61dcb67091b7b3fe9bc63dbd599824eca656fbc9884eba

SHA512
6c3b0885e34b7b6b66c7eb787710350f2d725e300e8c8795961629f15075c9d042eaab8632e4f50d187931717223e0a8e7091a32fc8a508eb9cd40a5464b1062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cdcc1afced4509b79c7e9960eb3db6b6

SHA1
fb6174e49f2cad875d9f718465ba9869cb43ab31

SHA256
126a4ec84bdbbaf387c77f07d5e0d0e8c3f4744b38e05ef90f409929be07dce3

SHA512
846095c6e954eedac82a58406aacce2e81e597fadef6521b18ab2626ef6de33ba1807f027e3495c0d767dcb5505070c8994759cb3107244065c0de70a50efc9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e99f251b68359f3427691025e53421c

SHA1
aa5a25e332303ec781891ec135243251c618da5f

SHA256
3dd3ae8885898f649b1e6d9c5e1dc346a3022dfd4e9e359d5867cd4dd8806adc

SHA512
2ab720bd411ced440fece41bc693bb3676317cdd4151ec53cd06b034d1b7c3f1b7098c0b17e130596eebda2d8c98eac7b2a828b5e54f60423412e0ebfdba74ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2034e4d5ee92ed89ec87233b3a589b90

SHA1
8a1acfdcdb7b28c5ad7db98217e2221a33636530

SHA256
6501a96cc790b9188f5c6b67e831cade3e7ba625999f05ff828893d9822048ce

SHA512
619ca7d830843b5e3aabeb296220538068d57e8afe735e8782abf5c5037000fed3480e25cfc44445e3f9745d2d560439596349558d491d49dc4cb3e7e5a140a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e90a3a4da8eb2baade03d63431e64c1b

SHA1
02bc83655120ea277f830c5cdb5835cfee45708b

SHA256
42450ee789f7827aeb499a5fbc4104da0c981f54bc177efd86e523900b40762e

SHA512
d3469880610a3889a689c9744fff6f2029a46a96487b039e03fd1fa1268eb589402f748b2ae6a8126124d03f65152265559121b67e8b49f5ba26b591814f3dd4

Download Submit