0d419de0e188a75b5a73dd84db21d9dd92a20c57f43f009dd2b57297787f8f5a

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf18500bd36546b6201fc5ee5237ee3a_JaffaCakes118.html
Size

43KB
MD5

bf18500bd36546b6201fc5ee5237ee3a
SHA1

8da975cd19b3e76ac767374411e93b70cad59c79
SHA256

0d419de0e188a75b5a73dd84db21d9dd92a20c57f43f009dd2b57297787f8f5a
SHA512

2ce87399bcd3efcea6514abe128102b0ccb5d469c581612466825e1afaacc611fd0a5255f7acce09a58f71693dbab1bb60f74df1c34a0eecae43931187d47c78
SSDEEP

768:O6QRhkt02egtArRJnX7mgbOViBdzaT6TITefLCUWkTlt7W80rhFIDZxFNfVKZl+k:O6oha0eAPXtbgSR6iyQ2UWk5t7WhrEZQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
440	msedge.exe
440	msedge.exe
4020	identity_helper.exe
4020	identity_helper.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 4588	440	msedge.exe	85
PID 440 wrote to memory of 4588	440	msedge.exe	85
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 1032	440	msedge.exe	86
PID 440 wrote to memory of 4044	440	msedge.exe	87
PID 440 wrote to memory of 4044	440	msedge.exe	87
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88
PID 440 wrote to memory of 2044	440	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bf18500bd36546b6201fc5ee5237ee3a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8234d46f8,0x7ff8234d4708,0x7ff8234d4718
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13795581736492279174,16429503220365322241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4829218222c8bedb9ffe89dffd37095

SHA1
aae577f33f413ec3d09f2e7ff5d9cc20a602241c

SHA256
49239b229a2519583ba5d6de3702480b8a8ebf3cfaa8945100dbab25fcb02b7b

SHA512
03e26a2e3de41b8a829b5543da504c7d7ccdc4c112d629efcac24dcda23acb50a52b5b99572b5efb2a01cf392a457cf9fac85663b3d63f7606be00dba218f8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
15e9c4b4eefb3e1c08a010e748e10f58

SHA1
3172378f2c7a00553ce086dbf53fcf3126c5a724

SHA256
07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000

SHA512
811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
190B

MD5
d4d1a9d7db4df7281611f79ccd97e955

SHA1
5a5de6c19e24ca649e3f5a0ce676c8bab8f51361

SHA256
dfe098ffbef91cdab455ef7b24f46d5abe25657d75db2ec5834eb2f6e86ce605

SHA512
34d1d2a036f48df2000edfcb1f109ee3339ae98a2911fe2934fc9182a0735ea6f24dc1a143c7b7a8e9e36011db1379852546e0b01cc78062856c64dad6ae9225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd7e14cf941eeaf6d1bbe330f388fb37

SHA1
32d0041a79c584f86f7ebde756e943e9e41e4608

SHA256
7a50091f5b4074bb65d6d55c8826e41637986b03f9815c86fa2c2390a97e35a6

SHA512
d04b8bbaa1be974f2829b2bdaeef3b3460119a77d806e54d8c89106269130cedb6a4160e623d5fdce816b9d828377590f056925c2f6224864f94cc20314dce9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
32a9092438a4281cdad3b848105e3ee6

SHA1
d881a54aad82233ed76c2f147223908e76a082be

SHA256
1186836399c3f5618e3b01feacbcc2e4764bc5be929c28e2fedf5c45cdd00543

SHA512
be0567833fa0476c8ec413004e978a182fe637182ec06d877e657f4df4b434864033f52a8f7fd5dc37b1ce2d56f23c820211204f00eaacaa20a9e0634f1635ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7915ba0545666aa5833cf9f9f86d45d6

SHA1
743ecc319bc2a54973582d4a5198042a48fbe8db

SHA256
f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20

SHA512
a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b6181f5479071d6c76d41f18398d2d5

SHA1
bf0ae5b83e9188a044198f0dc76554e7b3eba80a

SHA256
aeff347ec0577e4cf307220565be6f4c516c1cdfe9e34f9c543d8779cdb88df2

SHA512
7a7e32cd563d87e7896a85c9094d400bb8e1ccf81f9243c2c6f8f6f48e1a29e93710fa562faecfbd5d56fbf0bd446d42d0674ff1aa4149615ad1e5a98f99c166

Download Submit