ee4b84aea4503d12d9fe1bb9168589b7c7d599e606776dad8aab61fca7b5ee75

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c081dedd51507694bb1c19920f6ae7d6_JaffaCakes118.html
Size

183KB
MD5

c081dedd51507694bb1c19920f6ae7d6
SHA1

1a27372c3f8706af5387b997fd81ddb8483922f7
SHA256

ee4b84aea4503d12d9fe1bb9168589b7c7d599e606776dad8aab61fca7b5ee75
SHA512

a5471eb177158165c2de6acd8962a6a958b1cb55221395e2c145d4cab109b6c7f0439a658e3f6bf0ca84135c85178474b93d68c837b28d5a78febac6b5478a04
SSDEEP

1536:Um1QWSUPBT+QYYDnDEBi82NcuSEz/NvT/gIENM6HN26kRfJXHv3fuLn29:D1L7PDxYIENM6HN26+BXPP

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
916	msedge.exe
916	msedge.exe
3176	msedge.exe
3176	msedge.exe
3064	identity_helper.exe
3064	identity_helper.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 3900	3176	msedge.exe	84
PID 3176 wrote to memory of 3900	3176	msedge.exe	84
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 1324	3176	msedge.exe	85
PID 3176 wrote to memory of 916	3176	msedge.exe	86
PID 3176 wrote to memory of 916	3176	msedge.exe	86
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87
PID 3176 wrote to memory of 4512	3176	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c081dedd51507694bb1c19920f6ae7d6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9991f46f8,0x7ff9991f4708,0x7ff9991f4718
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c8e8138d3b622f674e67d90883159f92

SHA1
fcc55696f0e15ca76afdaa1ea0307d8180f43676

SHA256
b5dcdf013e979cf30f0f2b9a770d19caaf7fff5f960de3f8a596be7c9a98f516

SHA512
e119d11b000ef87a94f991b3594ca017869b5f1b56c2e970e0ad821aa638af433e25c39fa35f0c5770c1007261d7bd2eca0d4af0788a1277aba92265a777b89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6efb8969469073b65aa5c1139f0a1110

SHA1
ea56b3515836e384fbcb2ca3d19f3be38c1e2986

SHA256
6575ad777e143ef64299dddb44bf0738d321d31e06560dd6985b6c2ff7283101

SHA512
3c5475c6d93afdbd08a84a7d23947f1a8f273c13928e961c71448437ec8886da8a9fb12c7aa59eb08221b68cf564281b0c410fa87a24dbc7c5a0b865a8760a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b596905b37ffb30c5b39150fd0a9178a

SHA1
6832a7b6e1e0e9d3aace47129913771b3c429f9e

SHA256
7742d413b9ca05fc61381efd069235018485fb5880cd78846cf4538f8bd7f3f0

SHA512
a173d32bc66f403de4c7048f7440cdca8450d262326c3060e889a8d60f3ac6fe32fce6429370a1db3242230fcd99c58c727f4d4e93ea6f772ab7107f60d84732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd1bdbb7c5bacf14149243f2b09f8661

SHA1
9a42ec2a94027a6ec630281e494fa52206243c5f

SHA256
67052e73761a03abce7f0e440584085c5014870ea9d0ca926831b616743df09d

SHA512
353bd5b41709c9577da0eb8555ba7f6b9ecda9c921470151b7e26b3e21f459e2910109be55a7386bddf741f168a596b20304facee65c0f4ab7dacc4355b006e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11a71905af278cee75027b808773ee8b

SHA1
866ff71d211f4d76050833482704b15cd96b8127

SHA256
25ae2e332104d37e77e4e0c6f8d69d699c49e5bdb0ec62f76d88c2711c6a9c1e

SHA512
42c3610d67b0a286a2558d03554036debcbb0ba3d9d2e5c1d030e0d1fd362b26fec4565d016e3734c680905e8990fe2bf3adc347fae17b082fa178dd96b3dd70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585ea5.TMP

Filesize
1KB

MD5
398a8ac88c825023e1f5f5b5b19b7ff4

SHA1
35652dc726835edcf9494cd2a4626e5bb8651c17

SHA256
75eb3a57ebea44e3cfa88126cee74395dae099193aebaea63d525fea669c0e50

SHA512
90321a41c065c2b0863d3a7781b12694dcd4c6a3712c15546ca95a434d49fdb61b7d98e4ecb15538245ed863bc7af9957b99fa4d1607d9bc295afc3c2f9e2692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
60fd44c5ac52bd905558f5ce01605f13

SHA1
520557dc344691d2064d5a111bdd6dc7419aeaae

SHA256
cc138c542974f67d0330fd7b0bd0f5b432ea111aeaaae89a70fd61cb349820fc

SHA512
60583bce2ffbd9f347ab6879ab981bb13db8a96b3344f7ac8ff2a585512d866d93dc18f91d3e1b8c2d0a6c77b7723c75ce9ddf1a178c6e2b5206a579e8ac7b22

Download Submit