762e84b04010641f1472a6af386b3caa2ac7c6544aeef3ef52639b2b89319fc0

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bea977c0cb495d68dbbb6474eac8a8f3_JaffaCakes118.html
Size

76KB
MD5

bea977c0cb495d68dbbb6474eac8a8f3
SHA1

d51aed767f8dddde7bee0fb529fa578944eb6ace
SHA256

762e84b04010641f1472a6af386b3caa2ac7c6544aeef3ef52639b2b89319fc0
SHA512

db1e1aefda1525b7ce3aab3fa045c9c8f65699f024b603ba898507e485fc5de3e544310674b95cc1eff0471e1fbca3e82aa821539b1bde76b2060c8265e77499
SSDEEP

1536:/Q2voabnjItvtXCK4Ewww9RBEGg3eXTP5sOf609vmy9w0FLjwze:xvoabnggsOf609G0FLjwze

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
116	msedge.exe
116	msedge.exe
5028	identity_helper.exe
5028	identity_helper.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 2200	116	msedge.exe	84
PID 116 wrote to memory of 2200	116	msedge.exe	84
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 3128	116	msedge.exe	85
PID 116 wrote to memory of 8	116	msedge.exe	86
PID 116 wrote to memory of 8	116	msedge.exe	86
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87
PID 116 wrote to memory of 4748	116	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bea977c0cb495d68dbbb6474eac8a8f3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc0da46f8,0x7ffcc0da4708,0x7ffcc0da4718
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10037809231304281408,10416411322991725380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
466B

MD5
1c10dd115fc9274280617f7fb7bddd88

SHA1
812e2a63b9020220741ac7a4b3e84b7428c60511

SHA256
43f94eb3ae551eadcaa2c450a28c17c29d4009ba33bdeee2257d0f7389f4c49d

SHA512
f1ca226f2f100cfaf507e269eeb15b439bb18f698806e0230ac77aa8ff00283df2c430f184b23cc524654f22e9bb6aac44af712e0e7110c02e80eeaff7f9f917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
615B

MD5
54a04c0a8243e7c1be206dfd6e29c2f1

SHA1
3e4fec3b9bbad376e189647abb161d11cbede512

SHA256
198adea02714f012bf6dfbf3d1fb35c2e9906b2718a48da201815c6e914640a9

SHA512
7c53d7798ac2b62fdd9faae545bba0f26ae6097e802de899e487c06afdc56df9bcb18bdcb090ceab0774961b0813957fa301b35908631404fe677f39d4fc76f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8dba7cf913aff5045cc43e57027dbf6a

SHA1
e7158c90e06e603d3cc1e471f61cbec38db24041

SHA256
02eb933bff655c09b6579871e00f4802c78147b75085ca43971829acfe76691c

SHA512
c3d4da1a1a35938a71ff54b98d1a03113748da00540c511d65eb7539461797d0c95304473d824f40db54cba1e1a845608b1c31dec1c6d793c13e7cd77ed5bf08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
275e000790d53ef1de6b138cf74a5d84

SHA1
b1537f1f62699e3f8f3a3738aa0fe3c8d9307326

SHA256
fc017dc8d49caf37ef5a76ba22e381d83fe92d807a34435ffd179597d58ba1bc

SHA512
a9400069d0d8b2e4e8f29f8b54e71d937f42b3409421bec03fff8220688fb6797b6aa20067aa45eb37bfc3d570ca86a1b38b1f0e05729dd027ec4055b2b350df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7404058cc4a61048bc8c161828f66820

SHA1
81cbf333e70d355e6a0392fcbd336ec72ee7b653

SHA256
7824c07af2353b0414adbdb891dc09271d87788bd222d20ef7098283a25aae70

SHA512
db00c7f85d8822b0c8090a8ad54f8de13d29dfdb744645f6118c9109f26c724010a9622f23328d2faf894fd1985f04ccdfa69b294137e81557d1465e134b44e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1ecb58dc398035c95cc6084302998415

SHA1
8642ee47a4353d753e69ab847607e0f67e494229

SHA256
79c0644d84a8c49cdd83abe83ccfb7dc6773edc04250a693eeca5d5e617d6d92

SHA512
3459fe6c4c131202cca6b8f12850c4843338b7e8169a3e768bb5ed010bef3f614cfccc4718e45d3596d3e7c807006eb0d2bafefaf6bca2e77c989888f4ec5c98

Download Submit