286b49583bf14939c307dfd5e270622c8af07133e40cf0dfbabd679e0be3e9be

Analysis

max time kernel
147s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd0ed4d4822e7914c1243754d31d3820_JaffaCakes118.html
Size

34KB
MD5

bd0ed4d4822e7914c1243754d31d3820
SHA1

7b9d5bb59945b9fecec95c853b85749c8896e174
SHA256

286b49583bf14939c307dfd5e270622c8af07133e40cf0dfbabd679e0be3e9be
SHA512

ef2ec7e71afba163422e4b6620189e86f80e5116dffd742323078a037e3fee3e39b05219e3561bc7a63b929ca5e2edc54e55b1107a2e58310c7895be3b86efc0
SSDEEP

384:S+pnliRoihkCMdrytkFn+85wB+7dgL2OCMc6J/gWAg5FlE+fHRLs6:S+1IqiqCmSET5wB+7dVOrfASRLb

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4768	msedge.exe
4768	msedge.exe
644	msedge.exe
644	msedge.exe
4980	identity_helper.exe
4980	identity_helper.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 3544	644	msedge.exe	84
PID 644 wrote to memory of 3544	644	msedge.exe	84
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 3540	644	msedge.exe	85
PID 644 wrote to memory of 4768	644	msedge.exe	86
PID 644 wrote to memory of 4768	644	msedge.exe	86
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87
PID 644 wrote to memory of 3976	644	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bd0ed4d4822e7914c1243754d31d3820_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc8c046f8,0x7ffdc8c04708,0x7ffdc8c04718
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,96886484566017054,13670686398009891345,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
3f53bb0b9dfe50c6aa1c68385c495552

SHA1
05f675c53a4d8b76c7a9e635f12e56c124c25cbd

SHA256
715d59c1e8e041b58f5d3b5a366ffaa3f5f9a1a994cdb1ad66d367ad2270e972

SHA512
64107ab284deab517d99b79302c48f4c5301f650ef95136bfae2c2d2fb68a8a764969b319689f96e2b2a02c97d40b5f46395fa2c3441c55b9d1fbce7ce6a5d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
99bbb1b94ace7af602bf8cb4b5cabd8c

SHA1
9717f20ca0efbdf3c65c4e1cc31b4fe2ef7a8867

SHA256
8f16940cfece9b25b26f14cea84efedd4f339a5f099fdc0c1fd764fadbdcb5fa

SHA512
76053243b706788c5ccf6fe53fb317935f247eddf30073ce6d68d60e821cfe1c879bf3f7d27457313de44fed03335b310325d1ad3a5cda4a952e722d5f2207c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bfd03d5a6fce075e6ec62210ad3afb93

SHA1
01ed3c5370589f968265460f5afb05bedf4bd045

SHA256
a793a81a0e45f0552cb59c68625bd5cdeafdfe5059108536f9e20f2c7a294385

SHA512
9ec32017bc153e32c191380f07be132c3a47d9d3fe16c1206eafa129f0ac254171be655c730956c08b683875f3bfafe3f52071ea6ef170bac0211f0517cdf556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f346eca80a4af194c2e4c08c1f3f9823

SHA1
c29648983fa9daaaf6262b85a3c475ffae22063d

SHA256
3c1efc9ae061d9cede3ec362334c93a07de4da3adb487f32cc6205f047fcbef7

SHA512
2dc792c53f6c138e4a14252ffab100a86e9581e7d8f392a7c405f8db91fee94c7df723a50e38e263938659041065988c5ab83cb5d880538a67d253829859e0e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b2c5fb756a9a4fd973f4ebd97a588dc

SHA1
1d70a348eb14b25abeea05d83e1c6ba6b5686446

SHA256
08c76bbc0e42a04e9a8f30f403928a69cc5682e5e40db820416b35ecd7c40266

SHA512
788f003612529b6b6c9637c3bc79ba7472dc8316135ac4f64759b4386c850d9dbb9373cc871c3ec948e4828816fcc68c265dc422f31c8418890a936e1b233fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0606029ecaedf21bf300584122a471cc

SHA1
8aa333535b25f1ebcc039fcff4cd150e89c1e500

SHA256
c8e6193591ff508e155df1003e46f454b262087e3ffbd4f71730fc2aa53864fa

SHA512
146d162fb6cae4a9b71ff1a6955108df3ddc19adfb240708f140034997a2811bd3deaec9450846a545c2d60913c5ecc54f67da7ea33f5f899c0d1627a9327fd5

Download Submit