d10a07fb955c4fb2fef369cab46c9fb18e35abde4a1567f8c0f9c2f6f7f50da1

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb445d8127d3c445b89949ec76bbf61b_JaffaCakes118.html
Size

918B
MD5

bb445d8127d3c445b89949ec76bbf61b
SHA1

69dc49fce4fdd8f8a9aca99b277b18e5db2d4457
SHA256

d10a07fb955c4fb2fef369cab46c9fb18e35abde4a1567f8c0f9c2f6f7f50da1
SHA512

b24df012bea34baad5504fba68c08f117cea72755f9b558171ae2f5f3a2e907143f8c485b1c32726e9584c7da7840d6116856f1cb65b6f78155497fd6cd25bc7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
3996	msedge.exe
3996	msedge.exe
4220	identity_helper.exe
4220	identity_helper.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 4008	3996	msedge.exe	86
PID 3996 wrote to memory of 4008	3996	msedge.exe	86
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 1644	3996	msedge.exe	87
PID 3996 wrote to memory of 2820	3996	msedge.exe	88
PID 3996 wrote to memory of 2820	3996	msedge.exe	88
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89
PID 3996 wrote to memory of 2316	3996	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bb445d8127d3c445b89949ec76bbf61b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91f3746f8,0x7ff91f374708,0x7ff91f374718
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,15577545763993046198,4836812314776426512,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d0c143b507bf7c906fa3ef7056c66de7

SHA1
a21641194dc0e79c887627e113e40b12f840598d

SHA256
8fb810bef13ce2d997bad6273ddb4a29c253b7e11bfa80cbfcf7efc0fd0b239d

SHA512
7e664e42a458b00880ff48b2c689dc2585866e0f95d3b07024011023c9aa8569179c0642b98b1b3159d23f0c070fbdd0fb11f5d12e11774acf23e0e635686c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
868B

MD5
c0d4d868744645bbf95c4f70fe921c29

SHA1
8278f4ec168367324ed3c52db6d0025ba7454b0c

SHA256
1283fbd47226adade9d515babaf48bb261cfac45eda5a091e997c3bda21219ef

SHA512
9a0810e0085efc6c67d76689d0879ac924510c722254fc2a0e2b7d501b27a1639402e9a5177a4894a03b52ceb2a15d5ab12a29a006eeea0997fd7f0dd2a02ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d0c747d70efa880751c608d73eedb7a6

SHA1
21bc251b3a65d8800c89819fa8cb348fc6b019a1

SHA256
622b47ad7c8a7aa2f8f3400c0390fdb11622cd2b7e99f95ed97fd9cf49324bcc

SHA512
7d984cf6dd53a0eb47b6d9fa06798a351f1396bb8b193fdef043579d30325c911555bdd900e49fd3a715000c2613d3b3a741db6939a305cd71327e9902599bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0556ef83a2cb77d0c594215bf958a23a

SHA1
4a394e45ad5e60fa3982423ccb7653696df1d859

SHA256
56535918731d597be936bdccd42bec7d5eaa542dba31d5f1515e1408217c6be4

SHA512
bea896c07981573eb0c8744f5b61b547fec0458841bbe0a7022eba43218b267519f98cd6e713caa1f2cdb73a3d263e2ecf097c8e193222f665fa1890cb533843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
330a3f082497c359acea92e9dd7b89e5

SHA1
74443552684de0070c1bb3ae7c612232db797458

SHA256
1bd4301795b460179ff959280a1f3414a19fccd47f55ac4c4ec84a4c889c123e

SHA512
0fa9d9b6109273f4658a7394e0e6d3b64ea7e41e68901776e9173d84d74351c2c8737bde3018f3efeb71faa70fc20bdbfe2694e0bb49a0ae463b865d4f7f1aa8

Download Submit