ac8a8148c31df3efd4067dc77dae463b97fa8693dae51c39219b0f451caf6072

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 19:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c1651759201a718d164b907b82c7a2bd_JaffaCakes118.html
Size

4KB
MD5

c1651759201a718d164b907b82c7a2bd
SHA1

7272b963a7e041e311c7b44ebb9a9e189020816c
SHA256

ac8a8148c31df3efd4067dc77dae463b97fa8693dae51c39219b0f451caf6072
SHA512

2d0831a1267101f6e001650a5b87a3de195ca5f673dca98136ec86f28ca514aeee992b6496392350e672d1066d88e761a623fa8c5ab2a104f24813c8f37cb54f
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ogirmld:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
3932	msedge.exe
3932	msedge.exe
4268	identity_helper.exe
4268	identity_helper.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 4920	3932	msedge.exe	84
PID 3932 wrote to memory of 4920	3932	msedge.exe	84
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 2156	3932	msedge.exe	85
PID 3932 wrote to memory of 1984	3932	msedge.exe	86
PID 3932 wrote to memory of 1984	3932	msedge.exe	86
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87
PID 3932 wrote to memory of 2904	3932	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1651759201a718d164b907b82c7a2bd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab75f46f8,0x7ffab75f4708,0x7ffab75f4718
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15180708121817393151,15522326950372476030,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
8948bf708eed5ad89026d79e1835838e

SHA1
ac77c500678e7d68194759b649eec89730b0d995

SHA256
922591adb5c22a8ddc21ab87e4913c03426758915ee1161e6a6a243e6a950185

SHA512
343e07476b4ad293106f40c1225d95b07823edc7645fe4ec9de93157738a180b2b4f595f01f12b58ff75cc57734528cceaea0c984170d3664715b8d129d562e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1cd38d2c56fb0115d39e2a9024f329f7

SHA1
29dfcc1a6c00d07801bb8b4e8d157cdd9b7ce7ba

SHA256
8320787ebec4efb8875c9b5058eb5a0cd751c96aa20964f793242e211b08f2f1

SHA512
5e839e161be526b7e504558506a4dc8b5e72481046ba3df77e5559d8a5c55a0f754d4e1cc874dc38ae03e436baff8c4bd2a2530ed2722f6d91da2af4672bdebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a10d512ff7e0613b15a8366d21ee51da

SHA1
a8ef0e358e5b61882e8ae143d1cbbc96b4dd11f8

SHA256
de0a551f2a7c06845d9ff57bf7acb17e78c2f40ba6c8d51722ffc0b1b2fdcc74

SHA512
2fb2848a431815497e5e47a450758401c579170bccec870e4557eda68d424a139e155f7685f1e09b3a083ada00f57846db9a6dceb44b60ff1c567119a6c2f770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1842830e2ffc605bc6135972a8bd4f9

SHA1
5ceab0f9d886bfc5d697f97ed06aad8e3c9605d0

SHA256
507e0e08cc89e3478d2aa2c843f46193558bd42327d46e704f5f0cc1051d10a8

SHA512
e1475f3ceddcd918b1d07a6dedba00d1bd4ecebb39cf625e4f4acb288817b1280b9811d4b68354bcd9fd8b2ede0ab035a64fef27843307c7d3b8550ea9f1b9f2

Download Submit