117218958e149b7a66cd66ebcfe4258128d30d2f34899138d69c4e309c7c05a0

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bffdc2792cf28f3729d8d4b1387f477e_JaffaCakes118.html
Size

3KB
MD5

bffdc2792cf28f3729d8d4b1387f477e
SHA1

88ae900467e325b415cbb3db43465f0ee7284581
SHA256

117218958e149b7a66cd66ebcfe4258128d30d2f34899138d69c4e309c7c05a0
SHA512

f9748d6c66ba4a517792871cb30d9582ba208639890071ff375572906594da4f40333f2e121d01538ee605f54aad287229b2c4ab2df4e59de14e42517344daab

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
2292	msedge.exe
2292	msedge.exe
452	identity_helper.exe
452	identity_helper.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2204	2292	msedge.exe	84
PID 2292 wrote to memory of 2204	2292	msedge.exe	84
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 548	2292	msedge.exe	85
PID 2292 wrote to memory of 3544	2292	msedge.exe	86
PID 2292 wrote to memory of 3544	2292	msedge.exe	86
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87
PID 2292 wrote to memory of 1520	2292	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bffdc2792cf28f3729d8d4b1387f477e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca8c646f8,0x7ffca8c64708,0x7ffca8c64718
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2523425731385157165,4486281108062551730,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
276B

MD5
63e94862b42530f86676ad4d8dad984d

SHA1
3fd2230f79711e641c7d8bc1fc8f6d671319aec8

SHA256
02bd271fbf1d8f8cfeb229ec24d7bfb1c261116853c2e66a3f5d0b3536f59a25

SHA512
8f57ba1d96f3a97a7867f7eb43efd22baea3a78766fd88e87affcbc1e2e1699de833cbe9d78d22fa784ebf9602bd2006ee315ea13aebbcb79b56ec137c7a5aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8f56f0250df4962b29ff366eb73ab12

SHA1
ad4dd76b67c7ff40a0055e322a0e5b020b5fcd0c

SHA256
0af8d6f526899b6cbc1696a22c964ac411b9456b520523f97b959f49f40f4f06

SHA512
54f2bc729829f00f97f59ddc9c6f0fe372705946d51f94228c37ec80667b9ecaf8bb767e71cc0c17b1cbe82309eb30176a9f65b86827a4a65278c23d5cd67603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65753513f9d6de148c49f52907639139

SHA1
ad2e2b6d9f16a894d4ae21dd3a135f44218ec43d

SHA256
8fcd8f06b9f65329c4864ea62dd124c6cc9c0ca7679716cfaed27759a3e18a45

SHA512
84820ad05b1d2e7ac6f6b5397c5b1c1c40daae7e8657965c4a52bb5525c20976c2d9ca052ef073b01c5e2664cbc4631727c5e868ab4e90c18f0e54bb9c94d7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b27920cd238c043ecfb5ca341dd811bf

SHA1
a25bbde0d74c1012c3dafc747afab80509ed7712

SHA256
6c6d8216e954bb090cea4f7f06e0aee93429ea9adc0518247036de1406055839

SHA512
0cc6856650f3147d3730566321ccb2e8fe9b36f35f3a35bf839de4d3df3b8835c7aef961e12dd5d8b9da77b1d123c8495b1fc41011e240f1f5d28697737907c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581335.TMP

Filesize
203B

MD5
fc2ee74fc0a4c308d319b26fb6bd32a9

SHA1
9bd3ff9a54197db15eab3608cfb2536389ba7ac1

SHA256
f4b80f2654f22a7f8eaa74fc6a11ab51fa9b96c7dea4926e912f090e351b528c

SHA512
39f0dbf442e88041298bf1287f30d603918be7930816d03d8e53535e6a74907b56725ffc9059d6b4e48fb164ec85b8b4e01a5316b8eeda753bba9c56d314a850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eeb63bc11617cb368f07cf5f41ca4cab

SHA1
716564bcecd083e0d6ce8f03839e9d581bbd794c

SHA256
4b312bad1f5edea2741b3699db991d74cab266160ee559b5c7964458855e697f

SHA512
7efc4aa8e5c05abea31322a3a77310790cf93355278b6afc95f33fe716f162645611a445352f76989df0af5de1b11b48418939eae9ef5c0fb750e29e67b4b95e

Download Submit