ac428b6225a9d011d82e646daef613cf23501745c26189839bb41ec1c137455c

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2024, 20:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c796ab87481f3450d273932cb2ccdf64_JaffaCakes118.html
Size

33KB
MD5

c796ab87481f3450d273932cb2ccdf64
SHA1

2a337e41171bee183a57fee42679ed0548179aa2
SHA256

ac428b6225a9d011d82e646daef613cf23501745c26189839bb41ec1c137455c
SHA512

20fea37f43664f215a104621aba9da7ba9cc3add7ff1ad5e66ab7e811439ffa04fb0ef472cbc11ede0a1ffad807fd50697af7529b2edb096cbfabdc5e108b39a
SSDEEP

768:2nZsAl+wpXljrEkKpr2Z8LcpR9h2xrNKbxDnNQ9h2xhhIbP:2nZsAlzp1PEkAr2Z8Lcph2xrNKtDnNMl

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
1740	msedge.exe
1740	msedge.exe
872	identity_helper.exe
872	identity_helper.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1784	1740	msedge.exe	84
PID 1740 wrote to memory of 1784	1740	msedge.exe	84
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 3596	1740	msedge.exe	85
PID 1740 wrote to memory of 404	1740	msedge.exe	86
PID 1740 wrote to memory of 404	1740	msedge.exe	86
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87
PID 1740 wrote to memory of 2400	1740	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c796ab87481f3450d273932cb2ccdf64_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdef2a46f8,0x7ffdef2a4708,0x7ffdef2a4718
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2368 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16488955129212345467,12452044602560763124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
d3bd79e39b2554325f9eaa666dd0ec83

SHA1
1bae8b4a78abb128a70eff8d4e491f26870871be

SHA256
6dd03176a9b07d75d52c34abb2ad63060f730fabd65e9eb5dc4b72051f818bc3

SHA512
c495338481aaccdac05c821d1c54e92ae4061ec0fc156f6c2097923188a35c8761b85fe499c644a4d962f47d3632b8237a7f80696e6ea9743f47194dcc9381a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d24d40ae4248042dab2394da5a2a141c

SHA1
0cc78b64d923fb1f2865cc803bf89623b89568ab

SHA256
86a72ec08a455498f59bc52806a0ffa983b6f99351daad25bb823163a6ec77f6

SHA512
685d388b6f576fd04c9e63fe8b423373f95b736f3d950189d47f8aa803ccfdcd1ae5660e2a2986a5b3f7609ac312d1f08496174fe349b6052f10449007fcfe5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
709f3ca91b9c19e729124892751c6d72

SHA1
92837183cdb94c2ab2f7aad1edc119fbd385a1ec

SHA256
10884bc025a0f1de55f813c6af2a1d4e5c270da54903729475c33c441b97a04a

SHA512
3d465abf975d0e2d91e0d7fe8b38c20f34f25aac7ded91a5c1b4e294e44bc000db9027885d49f17a02f6c9ff6335e9cca07624f251c406b8b0d7105554d6dd4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8a700386253386b2c9f2427c75b0afd

SHA1
eab5fff872813fbe9cfb5eeb9fbcb8e73f758ecb

SHA256
a8334c5dda26d3ad4bcd6abae990ab6fa4227bf20163319651d6e1e6d09d66cc

SHA512
c8a03a0e6399c4b5d954eff202f4e2b8ef58744a21a83424ed7d31007c896fb24e004341b7e1e55e8f9da3aa0b7670c9b7823a0e6354bc440ae783ea9a517685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
33a5d12b3bb9cb9caadf888c685e298c

SHA1
8544ff603f4937829982973077d1af95976b1507

SHA256
346862b07c6c28e93b592972b74ce3c8e3d4c894e1ca6821a846a75ea0d491d9

SHA512
a7b5f2b1e2a8b35df1996a5cecac5007bb3c54f659183c048b703edfb0881e32a6edecf48b49595b59bd0623f9f40e275e07199986c8af594ce5666fed3bb094

Download Submit